Comment 3 for bug 94775

From dpkg-reconfigure:
If you use passwords in your libnss-ldap configuration, it is usually a good idea to have the configuration set with mode 0600 (readable and writable only by the file's owner).

Note: As a sanity check, libnss-ldap will check if you have nscd installed and will only set the mode to 0600 if nscd is present.

Make the configuration file readable/writeable by its owner only?

So there is an option here to make it 600 or 644 - I do not really know what is the default value. Anyway, I think this bug can be closed - users have ability to make it 644 using dpkg-reconfigure (with some reasonable explanation). But before closing it - could you please make sure that default value is 644 so other people would not send you similar complains.

Thanks a lot for the help.