# getent shadow cwhite
cwhite:*:15245::::::0

# cat /etc/pam.d/common-account 
#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system.  The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.
#

# here are the per-package modules (the "Primary" block)
account	[success=2 new_authtok_reqd=done default=ignore]	pam_unix.so 
account	[success=1 default=ignore]	pam_ldap.so 
# here's the fallback if no module succeeds
account	requisite			pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
account	required			pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

# /etc/init.d/nslcd stop
 * Stopping LDAP connection daemon nslcd                                                                                                                                                     [ OK ] 

FINALLY, after shutting down nslcd daemon...

root@nxpc:~# nslcd -d
nslcd: DEBUG: add_uri(ldap://raid3.ttinet)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,2)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,"/etc/ssl/nxpc/cacert.pem")
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_CERTFILE,"/etc/ssl/nxpc/ldap.pem")
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_KEYFILE,"/etc/ssl/nxpc/ldap.key")
nslcd: version 0.8.4 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(137) done
nslcd: DEBUG: setuid(125) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=20642 uid=0 gid=0
nslcd: [8b4567] <sess_c="cwhite"> DEBUG: nslcd_pam_sess_c("cwhite","sshd",12345)
nslcd: [7b23c6] DEBUG: connection from pid=22634 uid=0 gid=0
nslcd: [7b23c6] <host=10.x.x.x> DEBUG: myldap_search(base="dc=ttinet,dc=local", filter="(&(objectClass=ipHost)(ipHostNumber=10.x.x.x))")
nslcd: [7b23c6] <host=10.x.x.x> DEBUG: ldap_initialize(ldap://raid3.ttinet)
nslcd: [7b23c6] <host=10.x.x.x> DEBUG: ldap_set_rebind_proc()
nslcd: [7b23c6] <host=10.x.x.x> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [7b23c6] <host=10.x.x.x> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [7b23c6] <host=10.x.x.x> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [7b23c6] <host=10.x.x.x> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [7b23c6] <host=10.x.x.x> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [7b23c6] <host=10.x.x.x> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [7b23c6] <host=10.x.x.x> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [7b23c6] <host=10.x.x.x> DEBUG: ldap_start_tls_s()
nslcd: [7b23c6] <host=10.x.x.x> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://raid3.ttinet")
nslcd: [7b23c6] <host=10.x.x.x> DEBUG: ldap_result(): end of results
nslcd: [3c9869] DEBUG: connection from pid=22634 uid=0 gid=0
nslcd: [3c9869] <shadow="cwhite"> DEBUG: myldap_search(base="dc=ttinet,dc=local", filter="(&(objectClass=shadowAccount)(uid=cwhite))")
nslcd: [3c9869] <shadow="cwhite"> DEBUG: ldap_initialize(ldap://raid3.ttinet)
nslcd: [3c9869] <shadow="cwhite"> DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] <shadow="cwhite"> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] <shadow="cwhite"> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] <shadow="cwhite"> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [3c9869] <shadow="cwhite"> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [3c9869] <shadow="cwhite"> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [3c9869] <shadow="cwhite"> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] <shadow="cwhite"> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] <shadow="cwhite"> DEBUG: ldap_start_tls_s()
nslcd: [3c9869] <shadow="cwhite"> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://raid3.ttinet")
nslcd: [3c9869] <shadow="cwhite"> DEBUG: ldap_result(): end of results
nslcd: [334873] DEBUG: connection from pid=22634 uid=0 gid=0
nslcd: [334873] <sess_o="cwhite"> DEBUG: nslcd_pam_sess_o("cwhite","sshd","ssh","10.x.x.x","")

the only ip address it seemed to log was the origination ip address (my workstation) which I replaced with 10.x.x.x