If I understand you correctly, your first problem is that if someone has the same user id on their machine and on the LDAP server they only log on locally, not via LDAP. This is unchangeable, as the search order in Directory Access requires that the local NetInfo directory is searched before anything else.
Therefore the only way to fix this is to never have the same user id in both places. I suggest that you have a fixed user id for the local user on all machines (I use 'local' for an ordinary user and 'admin' for the admin user) or alternatively use a different variation of the user's name for the local id (I have used their first name and last initial for this - i.e. I'm tonyw on the local machine and tony_williams on the LDAP server).
For your second problem, it appears that you have run into the problems in Apple's Workgroup Admin application, Address Book and LDAP. As I have said several times in these two articles, the integration of these is seriously flawed. The major problem is that Workgroup Admin doesn't populate the right fields with the right information and, in the case of the 'sn' container, shoves the number '99' into every user.
The first Perl script in this second article is designed to fix the information. You need to have the 'givenName', 'sn', 'cn' and 'mail' fields filled in properly in each user record for them to be searched properly in Address Book. Read both articles again while taking a close look at your user records in phpLDAPadmin and you should see where your problem is.
Tony Williams
Re: OD login and LDAP query not working
2004-06-24 01:02:11
hakan_kaya
Dear Tony,
Thank you very much for your valued attention. Concerning the first problem regarding users being unable to do networked login, I forgot to state that (on a test machine) there's only a local admin user. The uid and group info for the OD user only exists on the OD Master and is not used locally.
Thank you again for your great effort!
Hakan Kaya
Re: OD login and LDAP query not working
2004-06-24 23:33:51
tonywilliams
Hakan,
Carefully check your users in Workgroup Manager. Then I suggest you use ldapsearch from the command line to check that the LDAP server is responding as you expect. If that is all OK, double check the settings in Directory Access.
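An added example, not part of the original thread or of the articles' Perl scripts: a shell function that reads the LDIF printed by ldapsearch and reports user records where 'givenName', 'sn', 'cn' or 'mail' is missing or empty, or where 'sn' holds the '99' placeholder mentioned above. The function names, the sample records and the SERVER, BASE_DN and filter in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Audit LDIF on stdin for the attributes Address Book searches on.
# Prints one line per problem; prints nothing for a clean record.
# Folded (continuation) LDIF lines are ignored, so a long DN may be
# shown truncated in the report.
audit_ldif() {
    awk '
    function report(   i, n, req) {
        if (dn == "") return
        n = split("givenName sn cn mail", req, " ")
        for (i = 1; i <= n; i++)
            if (!(tolower(req[i]) in seen)) print dn ": missing " req[i]
        if (sn99) print dn ": sn is 99"
        dn = ""; sn99 = 0; split("", seen)      # reset for the next entry
    }
    /^dn: / { report(); dn = substr($0, 5); next }
    /^$/    { report(); next }                  # blank line ends an entry
    /^[A-Za-z][A-Za-z0-9;-]*:/ {
        attr = $0; sub(/:.*/, "", attr)         # attribute name
        val = $0;  sub(/^[^:]*::? */, "", val)  # value (plain or base64)
        if (val != "") seen[tolower(attr)] = 1  # names are case-insensitive
        if (tolower(attr) == "sn" && val == "99") sn99 = 1
    }
    END { report() }
    '
}

# Constructed sample records (not real directory data).
sample_ldif() {
    cat <<'EOF'
dn: uid=alice_example,cn=users,dc=example,dc=com
cn: Alice Example
givenName: Alice
sn: Example
mail: alice_example@example.com

dn: uid=bob_example,cn=users,dc=example,dc=com
cn: bob_example
sn: 99
EOF
}

# Against a live server (SERVER, BASE_DN and the filter are placeholders):
#   ldapsearch -x -LLL -H ldap://SERVER -b "BASE_DN" \
#       "(objectClass=inetOrgPerson)" givenName sn cn mail | audit_ldif
sample_ldif | audit_ldif
```

On the sample it reports three problems for bob_example and none for alice_example.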