diff -ur /var/tmp/portage/sys-auth/pambase-20090620.1-r1/work/pambase-20090620.1/Makefile pambase-20090620.1/Makefile
--- /var/tmp/portage/sys-auth/pambase-20090620.1-r1/work/pambase-20090620.1/Makefile	2009-06-20 15:59:32.000000000 -0500
+++ pambase-20090620.1/Makefile	2009-08-16 14:09:32.000000000 -0500
@@ -44,6 +44,10 @@
 PAMFLAGS += -DHAVE_PAM_SSH=1
 endif
 
+ifeq "$(LDAP)" "yes"
+PAMFLAGS += -DHAVE_LDAP=1
+endif
+
 ifeq "$(SHA512)" "yes"
 PAMFLAGS += -DWANT_SHA512=1
 endif
diff -ur /var/tmp/portage/sys-auth/pambase-20090620.1-r1/work/pambase-20090620.1/system-auth.in pambase-20090620.1/system-auth.in
--- /var/tmp/portage/sys-auth/pambase-20090620.1-r1/work/pambase-20090620.1/system-auth.in	2009-06-20 15:59:32.000000000 -0500
+++ pambase-20090620.1/system-auth.in	2009-08-16 14:18:26.000000000 -0500
@@ -4,8 +4,15 @@
 #if HAVE_PAM_SSH
 auth		sufficient	pam_ssh.so
 #endif
-auth		required	pam_unix.so try_first_pass LIKEAUTH nullok DEBUG
+auth		sufficient	pam_unix.so try_first_pass LIKEAUTH nullok DEBUG
+#if HAVE_LDAP
+auth		sufficient	pam_ldap.so use_first_pass
+#endif
+auth		required	pam_deny.so
  
+#if HAVE_LDAP
+account		sufficient	pam_ldap.so
+#endif
 account		required	pam_unix.so DEBUG
  
 #if HAVE_CRACKLIB
@@ -14,7 +21,11 @@
 #if HAVE_PASSWDQC
 password	required	pam_passwdqc.so min=8,8,8,8,8 retry=3
 #endif
-password	required	pam_unix.so try_first_pass AUTHTOK nullok UNIX_EXTENDED_ENCRYPTION DEBUG
+password	sufficient	pam_unix.so try_first_pass AUTHTOK nullok UNIX_EXTENDED_ENCRYPTION DEBUG
+#if HAVE_LDAP
+password	sufficient	pam_ldap.so use_first_pass AUTHTOK
+#endif
+password	required	pam_deny.so
  
 #if HAVE_LIMITS
 session		required	pam_limits.so DEBUG
@@ -31,4 +42,7 @@
 #if SUPPORT_UNIX_SESSION
 session		required	pam_unix.so DEBUG
 #endif
+#if HAVE_LDAP
+session		optional	pam_ldap.so
+#endif
 session		optional	pam_permit.so