Red Hat recommended me compat mode in /etc/nsswitch.conf as one of the options to enumerate LDAP users, but later said that it's not a much-used method.
nsswitch.conf
passwd: files compat
passwd_compat: ldap
in passwd file, add +@netgroup.
What is this compat mode?
This excerpt was taken from amazing book written by Linux advocate Evi Nemeth( unfortunately recently lost in the sea http://www.theregister.co.uk/2013/07/05/evi_nemeth_unix_dead/ ) in her one of the first and best linux admin book: Linux® Administration Handbook. For this case it was in the second edition of the book, I am not sure if this was duplicated in the latest 4th edition of the book, as by that time is NIS and NIS+ is less relevant.
Configuration information can be distributed in several ways. Every system understands flat files and knows how to use DNS to look up hostnames and Internet addresses. Most also understand NIS. Since a given piece of information could come from several potential sources, Linux provides a way for you to specify the sources that are to be checked and the order in which the checks are made.
In the original (pre-Linux) implementation of NIS, some configuration files (the /etc/passwd and /etc/group files in particular) had to be configured to “invite in” the contents of the corresponding NIS maps. The invitation was extended by inclusion of special incantations in the files themselves. A lone “+” at the beginning of a line would include the entire NIS map, “+@netgroup” would include only entries relevant to a given netgroup, and “+name” would include a single entry.
This approach was never very well liked, and it has been superseded by a central config file, /etc/nsswitch.conf, that allows an explicit search path to be specified for each type of administrative information. The original behavior can be emulated by use of a compatibility mode, but it’s unlikely you would want to use this feature on a newly configured network. (Unfortunately, emulation is most distributions’ default.)
The common sources are nis, nisplus, files, dns, and compat; they refer to NIS, NIS+,[5] vanilla flat files (ignoring tokens such as “+”), DNS, and NISified flat files (honoring “+”), respectively.
