It's a strange problem, I settle down LDAP setting and can get correct ldapsearch result at the mgmt node, but when I use "su" to the user, the system prompt "the user is not existed".

It seems the LDAP service ( slaped ) is running and the user authentication goes through /etc/passwd still. How to move the user authentication to LDAP only?

I had changed /etc/nsswitch.conf to use ldap also.

[root@xcat user]# ldapsearch -x -v -D "cn=root,dc=isilon,dc=cn" -W -b "ou=People,dc=isilon,dc=cn" "uid=demo"
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
filter: uid=demo
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=isilon,dc=cn> with scope subtree
# filter: uid=demo
# requesting: ALL
#

# demo, People, isilon.cn
dn: uid=demo,ou=People,dc=isilon,dc=cn
uid: demo
cn: demo
sn: demo
mail: demo@isilon.cn
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword:: e2NyeXB0fSQ2JHkuMjUwS3hlJE9VZ3BidXJDdlg0UFk2NVFSSXBKNjhtNnpxYVp
 OVHdZYnBpZkdJVUJuQk1ZZnlVdmtEMHNwMTZLUmtaQmhoT0xrQ1NZdEhUU2NEUDRhTmhGUnJNSWIv
shadowLastChange: 15334
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 501
gidNumber: 500
homeDirectory: /ifs/home/demo

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

[root@xcat user]# su - demo
su:  user demo is not existed