>My unix box's PAM module already support ldap and i try to config it >in /etc/nsswitch.conf so that the ldap is first priority. Then, the >authentication of telnet, ssh, qpopper's pop3, ftp...can be done by LDAP >server. Am i correct? Yep, simply, you might need to edit some other config file like /etc/ldap.conf to provide the nss and pam modules enough information to locate the root of the correct dsa.