On Wed, Mar 07, 2018 at 11:08:05PM +0100, Sven Hartge wrote:
> This is why you use libpam-ldapd (instead of libpam-ldap) in combination
> with libnss-ldapd (instead of libnss-ldap).
> Its design with a separate daemon (nslcd) doing the actual LDAP
> connection is far superior compared to the original lib*-ldap code.
> It also means that libldap itself is only mapped into the central
> server process and not into every process on the system.
Personally, I found sssd (along with libpam-sss and libnss-sss) to be
much better behaved.
Roberto C. Sánchez