Comment 1 for bug 1605167

I would strongly recommend against putting system users (e.g. tomcat user) in LDAP. Especially it is difficult to this right during boot and shutdown. The default configuration of nss-pam-ldapd also filters uids < 1000 out of queries to avoid this.

The reason that some services are listed in nslcd's init script in X-Start-Before is that those services (can) use normal user accounts. For example if a mail server would be started before nslcd is available mail could be rejected.