* fix a buffer overflow that should have no security consequences * perform proper fail-over when authenticating in the PAM module (closes: #577593) * add an nss_initgroups_ignoreusers option to ignore user name to group lookups for the specified users * add an pam_authz_search option to perform a flexible authorisation check on login (e.g. to restrict which users can login to which hosts, etc) * implement a minimum_uid option for the PAM module to ignore users that have a lower numeric user id and make 1000 the default value for Debian (closes: #579574) * change the way retries are done to error out quicker if the LDAP server is down for some time (this should make the system more responsive when the LDAP server is unavailable) and rename the reconnect_maxsleeptime option to reconnect_retrytime to better describe the behaviour * only log "connected to LDAP server" if the previous connection failed (closes: #483795) * documentation improvements * debian/nslcd.config: also parse /etc/ldap.conf for systems that put NSS and PAM configuration there