Howard: I really agree that the libnss-ldapd design is much cleaner and a better alternative in the long run (e.g., doing client certificates with libnss-ldap would be "interesting"). However, the documented way [1] of using ldap for authentication uses libnss-ldap, so this should be supported or the documentation needs to be changed. Besides, I think a lot of organizations would be hesitant to migrate to libnss-ldapd.
Howard: I really agree that the libnss-ldapd design is much cleaner and a better alternative in the long run (e.g., doing client certificates with libnss-ldap would be "interesting"). However, the documented way [1] of using ldap for authentication uses libnss-ldap, so this should be supported or the documentation needs to be changed. Besides, I think a lot of organizations would be hesitant to migrate to libnss-ldapd.
https:/ /help.ubuntu. com/9.10/ serverguide/ C/openldap- server. html