Because we will have to apply a few patches, you will always have to compile and install nss_ldap from the source packages. Currently the version that I have tested is nss_ldap-197. The patches are also tested against this version. Get the package from http://www.padl.com. Configure with:
./configure --enable-paged-results --enable-rfc2307bis --enable-schema-mapping \ --with-ldap-lib=openldapPatching nss_ldap
For the patch, you will possibly need to alter the Makefile by adding the paths to Kerberos libraries and headers. This is done by altering DEFS, LIBS and LDFLAGS. This should be straightforward.
Then, to disable the SASL security layers and to make nss_ldap support the use of the cache file for the LDAP service ticket, you will need to apply the following patch. After this you can do 'make' and 'make install'