Comment 1 for bug 841660

nss-pam-ldapd has reasonably strict checking of user and group names to avoid problematic users existing by accident on the system. Version 0.8.2 introduces the validnames option that allows you to set a regular expression that will be used to filter valid names.

Note that nslcd is completely separate from nscd. libnss-ldapd requires nslcd and recommends nscd to ease the load on the LDAP server. libnss-ldap doesn't use nslcd and also recommends nscd for the same reason.