probably before we can call this stable
---------------------------------------
* implement _nss_ldap_initgroups_dyn()
* clean up and refactor ldap server code
* fix usage of strerror() as it is not thread safe
* error out quickly when the LDAP server is down
* fix race condition when setting signal mask in common/tio.c
* find problem with reachability of LDAP server
* get root/nonroot connections working properly
* fix a problem with spaces in DNs in configfile (base and binddn keywors)

other items
-----------
* set up (test) connection to LDAP server before creating socket
* Debian packaging: maybe remove stuff from /etc/nsswitch.conf on remove or
  purge (maybe prompt?)
* support IPv6 in name (host address) lookups
* probably document that you should use libpam-ldap for authentication without
  exposing the passwords through NSS
* make a test suite (instructions for setting up environment (server), LDIF
  file, nsswitch.conf and nss-ldapd.conf)
* write more unit tests
* maybe support bootparams (check README also)
* maybe support publickey (check README also)
* maybe support netmasks (check README also)
* reserve some threads in the server for root users (probably set up
  connection pools) (we currently have a connection per thread)
* add sanity checking code (e.g. not too large buffer allocation and checking
  that host, user, etc do not contain funky characters) in all server modules
* implement running under a different uid/gid (maybe chroot jail)
* maybe remove dh_makeshlibs from debian/rules (probably not needed)
* include a generic init script
* log some statistics: "passwd=100 shadow=10 host=20 rpc=10" (10 req/minute)
* in the server: once the request is done pass the flushing of the buffers to
  a separate thread so our workers are available to handle new requests
* reconfigure or upgrade of Debian package should restart nslcd instead of
  stop and later on start
* tune the filter and parameter buffer sizes
* in mkfilter_*() functions: add some check to see if the filter fits and log
  an error (also see to it that the caller exists (e.g. declare return value
  as must use))
* update online documentation
* maybe document how to set up automounting in LDAP (Linux and Solaris)
* make sure to translate timelimit 0 into timelimit -1 where needed
* split out idle checking into separate function so we may be able to call it
  periodically from elsewhere (e.g. the main loop)
* add an option to create an extra socket somewhere (so it may be used with
  chroot jails)
* make number of thread configurable in config
* make I/O timeout between NSS lib and daemon configurable at configure
* check for memory leaks