So maybe somebody has a suggestion for me.

I've set up fedora-ds v1.1 on CentOS 5.2 recently. I'm trying to start using
this machine as a central authentication server to begin with. I've got
a setup where users can authenticate against the LDAP server and mount
their home directories using information stored in autofs / automount DNs.

This all works just fine.

If I allowed my users to authenticate against the LDAP server from their
workstations, they could authenticate and mount their remote home directory
just as expected.

The problem is, user1 can potentially fire up his workstation, authenticate
locally as root and simply issue an "su -l user2". This will work and now user1
has rw- on user2's home directory...

What to do...