Comment 8 for bug 874307

Fridtjof: Found a workaround. It's to remove libnss-ldap and use libnss-ldapd instead. This appears to be related to the privileges libgcrypt ends up with, causing it to fail with direct connections. The daemon supplied with libnss-ldapd (and libpam-ldapd) doesn't drop these privileges. Still should be regarded as a bug with libgcrypt, though.