Comment 6 for bug 644632

TEST CASE (based on comment #84 from bug #155947):
1. apt-get install ldap-auth-client # pulls in libnss-ldap

2. configure ldap to use (via debconf):
ldap://127.0.0.1/
root requires a password: 'no'
everything else defaults

3. verify on fresh install nss_initgroups_ignoreusers is not present:
$ cat /etc/ldap.conf |grep "^nss" || echo "ok"
ok

4. run /etc/init.d/libnss-ldap stop and verify it populated ldap.conf
$ sudo /etc/init.d/libnss-ldap stop
 * Running nssldap-update-ignoreusers... [ OK ]
$ cat /etc/ldap.conf |grep "^nss"
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,couchdb,daemon,games,gdm,gnats,haldaemon,hplip,irc,kernoops,libuuid,list,lp,mail,man,messagebus,news,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux,uucp,www-data

5. add to /etc/ldap.conf the following:
nss_initgroups_okusers uucp,www-data

6. run /etc/init.d/libnss-ldap stop and verify it updated ldap.conf correctly:
$ sudo /etc/init.d/libnss-ldap stop
 * Running nssldap-update-ignoreusers... [ OK ]
$ cat /etc/ldap.conf |grep "^nss"
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,couchdb,daemon,games,gdm,gnats,haldaemon,hplip,irc,kernoops,libuuid,list,lp,mail,man,messagebus,news,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux

The groups listed were in a VM with ubuntu-desktop installed on Lucid. To properly test this, the groups listed in step '5' should be compared with the old libnss-ldap and the proposed libnss-ldap to make sure that the groups are the same.