Configure by default to fail, quickly, requests for supplemental group
information for "root", "ldap", and assorted other users as whom services
run or who are mentioned by the DBus configuration.  This patch will never
be pretty.

--- pam_ldap-180/ldap.conf	2005-08-17 18:35:13.000000000 -0400
+++ pam_ldap-180/ldap.conf	2006-02-09 14:14:05.000000000 -0500
@@ -177,6 +177,9 @@
 #nss_base_aliases	ou=Aliases,dc=padl,dc=com?one
 #nss_base_netgroup	ou=Netgroup,dc=padl,dc=com?one
 
+# Just assume that there are no supplemental groups for these named users
+nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm,polkituser,rtkit,pulse
+
 # attribute/objectclass mapping
 # Syntax:
 #nss_map_attribute	rfc2307attribute	mapped_attribute