ldap user authentication, PAM and chsh (change shell): how to make it work?