Index: en_US.ISO8859-1/articles/ldap-auth/article.xml
===================================================================
--- en_US.ISO8859-1/articles/ldap-auth/article.xml
+++ en_US.ISO8859-1/articles/ldap-auth/article.xml
@@ -448,6 +448,34 @@
 	correctly, then it will allow access.  Otherwise it will
 	fail.</para>
 
+      <para>Users whose shell is not in
+	<filename>/etc/shells</filename> will not be able to log in.
+	It is particularly important when
+	<application>bash</application> is set as the user shell on
+	the LDAP server.  <application>bash</application> is not
+	included with a default installation of &os;.  When installed
+	from a package or port, it is located at
+	<filename>/usr/local/bin/bash</filename>.  Verify that the
+	path to the shell on the server is set correctly:</para>
+
+      <screen>&prompt.user; <userinput>getent passwd <replaceable>username</replaceable></userinput></screen>
+
+      <para>There are two choices when the output shows
+	<literal>/bin/bash</literal> in the last column.  The first is
+	to change the user's entry on the LDAP server to
+	<filename>/usr/local/bin/bash</filename>.  The second option
+	is to create a symlink on the LDAP client so
+	<application>bash</application> is found at the correct
+	location:</para>
+
+      <screen>&prompt.root; <userinput>ln -s /usr/local/bin/bash /bin/bash</userinput></screen>
+
+      <para>Make sure that <filename>/etc/shells</filename> contains
+	entries for both <literal>/usr/local/bin/bash</literal> and
+	<literal>/bin/bash</literal>.  The user will then be able to
+	log into the system with <application>bash</application> as
+	their shell.</para>
+
       <sect3 xml:id="client-auth-pam">
 	<title>PAM</title>