Comment 44 for bug 1024475

I have upgraded a 16.04 system which worked/booted perfectly with libnss-ldap being used by nsswitch for passwd, shadow and groups to 17.10. The system took a long time to boot, could not bring up networking properly (running dhclient in 90 second intervals, possibly a timeout) and could not start systemd-logind.

After using nss_initgroups_ignoreusers as stated by Graham Eames in #14 and adding a new line as suggested by Thomas Werschlein in #24, the system started bhaving normally again.

You can use the following command, which I stole from stackexchange, to populate the nss_initgroups_ignoreusers paramter automatically:
#NSS_IGNOREUSERS="$(cut -d: -f1 /etc/passwd | sort | tr '\n' ',' | sed 's|,$||')"
#sed -i "s|^nss_initgroups_ignoreusers.*|nss_initgroups_ignoreusers ${NSS_IGNOREUSERS}|" /etc/ldap.conf

However you will have to add a new line afterwards!

In short: This issue affects 17.10, too.

Suggestion: libnss-ldap should have a paramter which makes it check the passwd/group files and using names which are in there in the nss_initgroups_ignoreusers paramter automatically. This should also be the default configuration, since systemd is the default also.