The patch itself doesn't support LDAP directly, but through the NSS library, so the query will be determined by the configuration of if libnss-ldap or libnss-ldapd packages.
So, to answer your query, it only supports POSIX/unix groups that it is a member. In most circumstances this will be where memberUid includes the username in question.
The primary group is a good point, I may have to update the patch to include that. (Coffee is needed first)
Allowing automatic addition to local groups based on groupOfNames would not necessarily be a bad thing, though that functionality would belong in libnss-ldap[d] or libpam-ldap.
The patch itself doesn't support LDAP directly, but through the NSS library, so the query will be determined by the configuration of if libnss-ldap or libnss-ldapd packages.
So, to answer your query, it only supports POSIX/unix groups that it is a member. In most circumstances this will be where memberUid includes the username in question.
The primary group is a good point, I may have to update the patch to include that. (Coffee is needed first)
Allowing automatic addition to local groups based on groupOfNames would not necessarily be a bad thing, though that functionality would belong in libnss-ldap[d] or libpam-ldap.