Comment 138 for bug 423252

You can replace "pam_check_host_attr yes" with
  pam_authz_search (&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*)))
See the nslcd.conf manual page for more details (the 0.7 series doesn't have the fqdn value yet).

Btw, you can use libpam-ldap fine together with libnss-ldapd if you prefer.

Also note that nslcd is no replacement for nscd. nslcd doesn't do much caching and nscd (or unscd) can still be used to reduce the load on your LDAP server.

The only real things that are missing in nss-pam-ldapd are nested groups and LDAP password policies. Patches are welcome ;)