nss_ldap is using /etc/ldap.conf and openldap is using /etc/openldap/ldap.conf. So you have to edit 2 files with the same content. I think both apps should use the same file.

Reproducible: Always
/etc/ldap.conf configures how nss_ldap should authenticate against an LDAP server, resolve hosts, etc. (e.g. base DN, whether you use rfc2307bis contexts or something different, bind DN and password for retrieving passwords). So it contains sensitive information which should only be accessible by the administrator.

/etc/openldap/ldap.conf configures the behaviour of client apps only (server to use, connect options like client certificates, base search DN, etc.). It contains _no_ information on how clients should interpret information stored on the server. Since any client app may use it, it's world-readable and should not be merged with /etc/ldap.conf for security reasons.

So it's not a bug, it's a feature ;-)
Closing, not a bug. Thanks for the good explanation, Holger.
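The separation described in this thread can be checked mechanically. The following is an added example, not part of the original bug report or of either project: a hypothetical `audit_ldap_conf` function that flags a config file which both carries a `bindpw` directive and is readable by every local user. The sample files and their contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: flag LDAP client config files that hold a bind password
# yet are readable by every local user.

# audit_ldap_conf FILE   (hypothetical helper name)
#   returns 0: no bindpw present, or file is not world-readable
#   returns 1: bindpw present AND file is world-readable (finding)
#   returns 2: file missing or not a regular file
audit_ldap_conf() {
    f=$1
    [ -f "$f" ] || { echo "SKIP  $f (not found)"; return 2; }

    has_secret=no
    # nss_ldap-style directive "bindpw <password>"; commented lines do not match
    if grep -Eiq '^[[:space:]]*bindpw[[:space:]]+[^[:space:]]' "$f"; then
        has_secret=yes
    fi

    world_readable=no
    # -perm -004 matches when the "other" read bit is set
    if [ -n "$(find "$f" -prune -perm -004)" ]; then
        world_readable=yes
    fi

    if [ "$has_secret" = yes ] && [ "$world_readable" = yes ]; then
        echo "FAIL  $f: contains bindpw and is world-readable"
        return 1
    fi
    echo "OK    $f (bindpw=$has_secret world_readable=$world_readable)"
    return 0
}

# Constructed sample files, so the check runs without touching /etc.
demo_dir=$(mktemp -d)
printf 'base dc=example,dc=com\nbinddn cn=proxy,dc=example,dc=com\nbindpw constructed-secret\n' \
    > "$demo_dir/ldap.conf"
printf 'BASE dc=example,dc=com\nURI ldap://ldap.example.com\n' \
    > "$demo_dir/openldap-ldap.conf"
chmod 644 "$demo_dir/ldap.conf" "$demo_dir/openldap-ldap.conf"

audit_ldap_conf "$demo_dir/ldap.conf" || true           # secret in a 0644 file
audit_ldap_conf "$demo_dir/openldap-ldap.conf" || true  # no secret, 0644 is fine
chmod 600 "$demo_dir/ldap.conf"
audit_ldap_conf "$demo_dir/ldap.conf" || true           # secret, owner-only
```

To audit a real host, call the function on `/etc/ldap.conf` and `/etc/openldap/ldap.conf` instead of the constructed files.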