> Did you include nss_initgroups_ignoreuser in your /etc/ldap.conf? > > nss_initgroups_ignoreusers root,ldap > > Brgds Hi Benjamin, I tried that, but that just makes it hang upon the next service trying to start (in our case: a zabbix monitoring daemon running as zabbix/zabbix). It works, if I include the entire list of all "local" users/groups that can be ignored. However, that's not feasible when doing mass-deploys on varied systems. If there's a way to simply say "ignore all users with UID's < 500" that could be a work-around I can live with, but it doesn't appear there is. Regards, Mattias