* write more unit tests
* add sanity checking code (e.g. not too large buffer allocation and checking
  that host, user, etc do not contain funky characters) in all server modules
* log some statistics: "passwd=100 shadow=10 host=20 rpc=10" (10 req/minute)
* add an option to create an extra socket somewhere (so it may be used in
  chroot jails)
* make I/O timeout between NSS lib and daemon configurable with configure
* protocols/rpc: the description attribute should be used as an alias?
* maybe rate-limit LDAP entry warnings
* setnetgrent() may need to return an error if the netgroup is undefined
* handle repeated calls to getent() better
  (see http://bugzilla.padl.com/show_bug.cgi?id=376)
* make it possible to start nslcd real early in the boot process and have
  it become available when it determines it can (other timeout/retry mechanism
  on startup)
* implement requesting and handling password policy information when binding
  as a user (see pam_ldap)
* implement nested groups
* implement other services in nslcd: sudo and autofs are candidates
* complete pynslcd implementation
* implement chsh and chfn in nslcd PAM code and make chsh.ldap and chfn.ldap
  binaries
* have nslcd flush the nscd caches when reconnecting to the LDAP server after
  an error
* add a max uid option for PAM module
* support changing Samba password attributes on password change
* while running NSS tests, check if nscd isn't running
* implement keepalives on the LDAP connection