should we use nss user for some queries?
In one of the latest updates I started using the admin user instead of the nss user to do all requests to ldap. nss is a user that has read-only rights, not all the queries can be done with it, but must of them can.
I'm not sure if for security is not advisable to use the nss account for the queries that don't require modifying the ldap server. But that will complicate a bit the deployment, requiring authentication for two different users.