Discussion:
Serving Up /etc/passwd & Friends Through LDAP
Lawrence D'Oliveiro
2024-05-26 21:52:41 UTC
OpenLDAP comes with a “slapd-passwd” backend that serves up the
information in the system /etc/passwd file through LDAP. However, it
is extremely limited: it doesn’t include /etc/group, or the actual
password information in /etc/shadow, so it can’t be used for much more
than “demonstration purposes only”, as per the man page.

So I wrote a better backend, which serves up all this user/group
information through LDAP <https://bitbucket.org/ldo17/serve_passwd>.
The conversion is modelled on the “migrationtools” package
<https://gitlab.com/future-ad-laboratory/migrationtools>, so it should
be similarly useful, except it is “live”: changes to those files will
be served up as they happen.

The backend itself needs to run as root, so it can read /etc/shadow.
Access to the information from this file is controlled by specifying a
special base DN: only clients authenticating via DNs with this suffix
will be shown the shadow information (or can use it for searching).
All clients are able to see the contents of /etc/passwd and
/etc/group.

Access to all of /etc/{passwd,group,shadow} is read-only for now. Maybe
I might feel brave enough to offer write access in the future.

Lawrence D'Oliveiro
2024-06-22 03:31:47 UTC
Post by Lawrence D'Oliveiro
So I wrote a better backend, which serves up all this user/group
information through LDAP <https://bitbucket.org/ldo17/serve_passwd>.
I have added a new feature, the option to serve up the contents of
/etc/shells. This is sometimes used to control user access to various
services, but there seems to be no LDAP-standard way of serving it up. So
I bodged something together, in the form of a special posixAccount record
with a distinctive DN and a multivalued loginShell attribute.
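
The two mechanisms described in this thread, as an added example that is not part of the serve_passwd project: migrationtools-style posixAccount entries built from passwd/shadow lines, the "shadow only for binds under a special base DN" rule from the first post, and the /etc/shells record with a multivalued loginShell from the second. All base DNs, the shells record's DN and placeholder numeric fields, and the sample file contents and hashes are constructed assumptions.

```python
# Added example, not code from the serve_passwd project. Base DNs, the shells
# record's DN and its placeholder fields, and all sample data are constructed.
PEOPLE_BASE = "ou=People,dc=example,dc=com"     # assumed, migrationtools-style layout
SHADOW_BASE = "ou=Shadow,dc=example,dc=com"     # assumed: the special suffix that unlocks shadow data
SHELLS_DN = "uid=shells,ou=Special," + PEOPLE_BASE  # assumed DN for the /etc/shells record
SHADOW_ATTRS = {"userPassword", "shadowLastChange", "shadowMax"}

PASSWD = "root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000:Alice:/home/alice:/bin/zsh\n"
SHADOW = "root:$6$fakehash1:19800:0:99999:7:::\nalice:$6$fakehash2:19850:0:99999:7:::\n"
SHELLS = "# valid login shells\n/bin/sh\n/bin/bash\n/bin/zsh\n"

def passwd_entries(passwd_text, shadow_text):
    """Build posixAccount/shadowAccount entries keyed by DN, with shadow fields merged in."""
    shadow = {}
    for line in shadow_text.splitlines():
        if line and not line.startswith("#"):
            f = line.split(":")
            shadow[f[0]] = {"userPassword": ["{crypt}" + f[1]],
                            "shadowLastChange": [f[2]], "shadowMax": [f[4]]}
    entries = {}
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, uid, gid, gecos, home, shell = line.split(":")
        e = {"objectClass": ["top", "account", "posixAccount", "shadowAccount"], "uid": [name],
             "cn": [gecos or name], "uidNumber": [uid], "gidNumber": [gid],
             "homeDirectory": [home], "loginShell": [shell]}
        e.update(shadow.get(name, {}))          # unprivileged clients never see these keys
        entries[f"uid={name},{PEOPLE_BASE}"] = e
    return entries

def shells_entry(shells_text):
    """One posixAccount record carrying every valid shell as a loginShell value.
    uidNumber/gidNumber/homeDirectory are placeholders the object class requires."""
    shells = [l.strip() for l in shells_text.splitlines() if l.strip() and not l.startswith("#")]
    return {SHELLS_DN: {"objectClass": ["top", "account", "posixAccount"], "uid": ["shells"],
                        "cn": ["valid login shells"], "uidNumber": ["65534"], "gidNumber": ["65534"],
                        "homeDirectory": ["/nonexistent"], "loginShell": shells}}

def may_see_shadow(bind_dn):
    """Only binds whose DN ends with the special suffix get the /etc/shadow data."""
    return bind_dn is not None and bind_dn.lower().endswith("," + SHADOW_BASE.lower())

def search(entries, bind_dn, attr, value):
    """Equality search as the bound client sees it: shadow attributes are neither
    returned nor usable as filter terms unless the bind is under SHADOW_BASE."""
    allowed = may_see_shadow(bind_dn)
    results = {}
    for dn, e in entries.items():
        visible = {k: v for k, v in e.items() if allowed or k not in SHADOW_ATTRS}
        if value in visible.get(attr, []):
            results[dn] = visible
    return results
```

An anonymous client searching on userPassword gets nothing back, while a bind under SHADOW_BASE can both filter on and read the hash.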