From cc346a5ecf3f85fa2b93e3c228de28066be85eaf Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Mon, 21 Jan 2008 18:22:51 +0000
Subject: [PATCH] mention --with-nsswitch=no

---
 README.LDAP | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/README.LDAP b/README.LDAP
index 83715d188..89ed6daf9 100644
--- a/README.LDAP
+++ b/README.LDAP
@@ -158,7 +158,11 @@ imported the sudoers ldif data.
 
 After configuring /etc/ldap.conf, you must add a line in /etc/nsswitch.conf
 to tell sudo to look in LDAP for sudoers.  See the "Configuring nsswitch.conf"
-section in the sudoers.ldap manual for details.
+section in the sudoers.ldap manual for details.  Note that sudo will use
+/etc/nsswitch.conf even if the underlying operating system does not support it.
+To disable nsswitch support, run configure with the --with-nsswitch=no option.
+This will cause sudo to consult LDAP first and /etc/sudoers second, unless the
+ignore_sudoers_file flag is set in the global LDAP options.
 
 Debugging your LDAP configuration
 =================================