wow - you got this all working on FC-1 without understanding all these things?
I actually have a pretty good grip on LDAP -- it's been my login system on my home network for a solid two years, and I also have it running at my office. I wrote in because I was really frustrated that seemingly every troubleshooting avenue I tried led me to nowhere.
Thankfully, I actually figured out the problem. First, I need to sleep more than 5 hours in any given 48-hour period. Second, "disallow bind_anon" will successfully hide "getent passwd" results if there is no bind dn set.
Obvious in its own not-so-obvious-when-you're-really-tired kinda way.
I should have caught that, but sometimes it's the really easy fixes that screw you up the worst. :(
Make life easy on yourself at first. Comment out the complexities and then add them back in after you get things working so you can gauge the effect of each change...
comment out disallow anon_bind & security statements
I had actually done all of your suggestions with the exception of commenting out "disallow bind_anon". It figures.
I really appreciate your willingness to help, and all of your great suggestions. I wish I had written sooner, because you nailed it!
The server's up so it's bedtime for me!
Aloha, Chris