[nssldap] Difference between NSS-LDAP and PAM_LDAP


The goal of my work is that different services can authenticate successfully
through PAM against different LDAP servers.

Example:

squid Service: /etc/pam.d/squid

auth        required       pam_env.so
auth        sufficient     pam_unix.so likeauth nullok
auth        sufficient     pam_ldap.so config=/etc/pam_server1_ldap.conf use_first_pass
auth        sufficient     pam_ldap.so config=/etc/pam_server2_ldap.conf use_first_pass
auth        required       pam_deny.so

account     required       pam_unix.so broken_shadow
account     sufficient     pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore]  pam_ldap.so config=/etc/pam_server1_ldap.conf
account     [default=bad success=ok user_unknown=ignore]  pam_ldap.so config=/etc/pam_server2_ldap.conf
account     required       pam_permit.so

password    sufficient     pam_unix.so nullok use_authtok md5 shadow
password    sufficient     pam_ldap.so config=/etc/pam_server1_ldap.conf use_authtok
password    sufficient     pam_ldap.so config=/etc/pam_server2_ldap.conf use_authtok
password    required       pam_deny.so

session optional       pam_ldap.so config=/etc/pam_server1_ldap.conf
session optional       pam_ldap.so config=/etc/pam_server2_ldap.conf


The problem at the moment is that I can define different config files for
PAM_LDAP, but the NSS-LDAP module reads only /etc/ldap.conf. Is it possible
to define different config files for NSS_LDAP?

Is it possible to declare two different servers for PAM_LDAP?
The man page for pam_ldap says:

config=<path>
              Specifies that pam_ldap should use the configuration file in
              path instead of ldap.conf to retrieve its global configuration.
              Configuring multiple instances of pam_ldap for the same service
              with different configuration files is not supported, because
              the configuration information is cached.


Why do I need the NSS-LDAP module for authentication?
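The pam_ldap(5) text quoted above says that stacking several pam_ldap.so lines with different config= files in one service is unsupported because the configuration is cached, which is exactly what the squid stack in the post does. The following is an added example (not code from the post, from pam_ldap or from nss-ldap) that parses a pam.d service file in the format shown above and reports every management group (auth, account, ...) in which pam_ldap.so appears more than once with differing config= paths. Assumptions: the sample stack is constructed from the one in the post, comments are only recognised on lines starting with "#", module arguments are split on whitespace (Linux-PAM's [...] argument quoting is not handled), and a pam_ldap.so line without config= is taken to use /etc/ldap.conf, the default the post names.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List

# Constructed sample, modelled on the squid service from the post. The trailing
# backslash is PAM's line-continuation syntax.
SAMPLE_PAM_STACK = """\
# /etc/pam.d/squid (constructed sample)
auth        required       pam_env.so
auth        sufficient     pam_unix.so likeauth nullok
auth        sufficient     pam_ldap.so config=/etc/pam_server1_ldap.conf use_first_pass
auth        sufficient     pam_ldap.so config=/etc/pam_server2_ldap.conf \\
    use_first_pass
auth        required       pam_deny.so
account     required       pam_unix.so broken_shadow
account     sufficient     pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore]  pam_ldap.so config=/etc/pam_server1_ldap.conf
account     required       pam_permit.so
"""

# Default pam_ldap configuration file when no config= argument is given
# (assumption based on the man page text quoted in the post).
DEFAULT_LDAP_CONF = "/etc/ldap.conf"

# type, control (a keyword or a [...] group that may contain spaces), module, args
ENTRY_RE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


@dataclass
class PamEntry:
    type: str
    control: str
    module: str
    args: List[str]


def _logical_lines(text: str) -> Iterator[str]:
    """Join lines ending in a backslash, as the PAM configuration parser does."""
    buf = ""
    for raw in text.splitlines():
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        yield buf + raw
        buf = ""
    if buf:
        yield buf


def parse_pam_stack(text: str) -> List[PamEntry]:
    """Parse a pam.d service file into entries; blank and '#' comment lines are skipped."""
    entries = []
    for line in _logical_lines(text):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = ENTRY_RE.match(stripped)
        if m is None:
            raise ValueError("unparseable PAM line: %r" % line)
        mtype, control, module, args = m.groups()
        entries.append(PamEntry(mtype, control, module, args.split()))
    return entries


def pam_ldap_configs_by_type(entries: List[PamEntry]) -> Dict[str, List[str]]:
    """Collect the distinct pam_ldap config= paths used in each management group."""
    configs: Dict[str, List[str]] = {}
    for e in entries:
        if e.module != "pam_ldap.so":
            continue
        cfg = DEFAULT_LDAP_CONF
        for a in e.args:
            if a.startswith("config="):
                cfg = a[len("config="):]
        group = configs.setdefault(e.type, [])
        if cfg not in group:
            group.append(cfg)
    return configs


def find_conflicting_pam_ldap(entries: List[PamEntry]) -> Dict[str, List[str]]:
    """Return the groups that stack pam_ldap.so with more than one config file,
    the combination pam_ldap(5) documents as unsupported."""
    return {t: c for t, c in pam_ldap_configs_by_type(entries).items() if len(c) > 1}


if __name__ == "__main__":
    stack = parse_pam_stack(SAMPLE_PAM_STACK)
    for group, paths in find_conflicting_pam_ldap(stack).items():
        print("%s: pam_ldap.so stacked with %d config files: %s"
              % (group, len(paths), ", ".join(paths)))
```

Run against the constructed sample, the auth group is reported (two config files) while the account group, which here names only one, is not. Pointing the script at a real /etc/pam.d/<service> file instead of the embedded string turns it into a quick check for the unsupported layout before relying on it in production.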