Index: article.xml
===================================================================
--- article.xml
+++ article.xml
@@ -448,6 +448,39 @@
 	correctly, then it will allow access.  Otherwise it will
 	fail.</para>
 
+      <para>Make sure that the shell set for the LDAP user is
+	available in <filename>/etc/shells</filename>.  If not, the
+	user will not be able to log in.  This is especially true when
+	<application>bash</application> is set as the users shell on
+	the LDAP server.  &os; does not contain
+	<application>bash</application> in a default installation.
+	After installing it from ports <application>bash</application>
+	is available from ports in the path
+	<filename>/usr/local/bin/bash</filename>.  Check the path to
+	the users shell on the server using the following
+	command:</para>
+
+      <screen>&prompt.user; <userinput>getent passwd <replaceable>username</replaceable></userinput></screen>
+
+      <para>If the output of the above command shows
+	<literal>/bin/bash</literal> in the last column, you have two
+	choices.  The first one is to change the entry on the LDAP
+	server for this user to
+	<filename>/usr/local/bin/bash</filename>.  If that is not
+	possible, then, as the second option, create the following
+	symlink on the LDAP client so that
+	<application>bash</application> on &os; will be found in the
+	correct path:</para>
+
+      <screen>&prompt.root; <userinput>ln -s /usr/local/bin/bash /bin/bash</userinput></screen>
+
+      <para>Additionally, make sure that
+	<filename>/etc/shells</filename> contains entries for both
+	<literal>/usr/local/bin/bash</literal> and
+	<literal>/bin/bash</literal>.  After that, the user should be
+	able to log into the system with
+	<application>bash</application> as the users shell.</para>
+
       <sect3 xml:id="client-auth-pam">
 	<title>PAM</title>