It was really nice of sun to include all of this. It was extremely frustrating to not find documentation on Sun's web site, nor in the Answerbooks, etc, etc, rant rant rant.
Nobody should have to go through the pain I went through trying to get this to work. Using usenet and google searches, I got at least the NSS part working, so I could largely replace /etc/passwd with ldap, and I'm working on getting the PAM part working. [update: I have pam and nss working just great, it's all working superbly!] The following whitepaper, which I found through lots of deja searches, and not on www.sun.com for some reason is very helpful.
[update: there is now some information on sun's site at http://wwwwswest.sun.com/software/solutions/blueprints/1000/ldap-sol8.pdf.]