/etc/openldap/ldap.conf is the config file for OpenLDAP's libldap. It has
nothing to do with pam_ldap or nss_ldap. Any PAM or NSS-specific config
directives here will simply be ignored. pam_ldap and nss_ldap use their own
config file /etc/ldap.conf. It is unfortunate that they use such confusing
file naming conventions in default installations but such is life. At Symas
we configure pam_ldap and nss_ldap to use /opt/symas/etc/nsspam.conf instead,
to make it more clear that it is a separate, dedicated config file. Note that
this sort of problem is not an OpenLDAP issue; it is a pam_ldap and nss_ldap
issue, and really doesn't belong here. It may even be a Frequently Asked
Question, but it still doesn't belong here. Also note, if you were using
Symas binaries, you would never face this kind of ambiguity and you would
never have these problems.