Discussion on irc and phone resulted in the following solution:
Add a new configuration option 'nss_initgroups_ignoreusers_below_uid' (or similar) and have it default to '1000'. This option will be configurable in /etc/ldap.conf. Admins can adjust this to be any valid uid.
Discussion on irc and phone resulted in the following solution:
Add a new configuration option 'nss_initgroups _ignoreusers_ below_uid' (or similar) and have it default to '1000'. This option will be configurable in /etc/ldap.conf. Admins can adjust this to be any valid uid.