Winbind - functionality

[Ondrej Valousek]

> If the problem was so easy that a simple nss_ldap invocation handled it
> properly, we would not have 'wasted' so much time on winbind.  It was
> developed for a very real reason.
>   
I agree with Andrew here - nss-ldap is a piece of crap for 2 reasons:
- the whole ldap library is loaded with every NSS library call
- no caching
- called in the user context, so can not use machine credentials to 
access AD
- extra configuration needed

All these problems are hopefully to be solved with the upcoming 
nss-ldapd but it is not stable enough yet. So I vote for winbind, too.
The only problem with winbind is (as I already mentioned) limited system 
databases support (to passwd and group)...