Description of problem:
In RHEL 6 (and earlier), if you had multiple applications using pam-ldap and each application was authenticating against different ldap servers (with unique binddn accounts, search bases, urls, etc.) you could point the application to a file in /etc/pam.d/. In that file inside /etc/pam.d/ you could have a line like the following:

auth required pam_ldap.so config=/etc/ldap.conf.d/ldapconfig1.conf

The next application could have its own file in pam.d with a line like:

auth required pam_ldap.so config=/etc/ldap.conf.d/ldapconfig2.conf

etc. This allowed each application to have completely different ldap configurations.

Now, it appears that in RHEL 7, all of this information must exist in a single configuration file: /etc/nslcd.conf. This prevents the ability to use multiple configurations. Is there another way to accomplish the setup that was allowed in RHEL 6 and earlier?

If I create a file in /etc/pam.d like this:

auth required pam_ldap.so config=/etc/ldap.conf.d/ldapconfig1.conf

I will get the following error in /var/log/secure:

"unknown option: config=/etc/ldap.conf.d/ldapconfig1.conf"

Version-Release number of selected component (if applicable):
0.8.13

How reproducible:
Create the config option line on a RHEL 7 server, similar to this:

auth required pam_ldap.so config=/etc/ldap.conf.d/ldapconfig1.conf

There doesn't appear to be a way to have multiple ldap configurations in nslcd.conf and the "config" option line appears to have been removed.

Steps to Reproduce:
1. Try to use "config=" argument in a pam ldap file in /etc/pam.d/
2. Try to use multiple ldap configs in /etc/nslcd.conf

Actual results:
"unknown option: config=/etc/ldap.conf.d/ldapconfig1.conf"

Expected results:
There should be a way to use multiple ldap authentication configurations on a single server.

Additional info:

Yes, I'm sorry, but this is simply not possible because in RHEL-7 the pam_ldap module is just a thin wrapper that talks to the nslcd daemon, which is a singleton with a single configuration.
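
Added example (not part of the original report or the maintainer's reply): a shell function that lists the PAM service files still passing the config= argument to pam_ldap.so, the option that produces the "unknown option" error quoted above. The function name find_pam_ldap_config and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# find_pam_ldap_config DIR
# Prints "file:line:config-path" for every pam_ldap.so entry in DIR that
# carries a config= argument. Comments are ignored and backslash-continued
# lines are joined before matching. (Hypothetical helper name.)
find_pam_ldap_config() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
        {
            if (buf == "") start = FNR       # first physical line of the entry
            line = buf $0
            if (line ~ /\\$/) {              # continuation: keep accumulating
                sub(/\\$/, " ", line)
                buf = line
                next
            }
            buf = ""
            sub(/#.*/, "", line)             # strip trailing comment
            n = split(line, tok, /[ \t]+/)
            seen = 0
            for (i = 1; i <= n; i++) {
                if (tok[i] ~ /(^|\/)pam_ldap\.so$/) { seen = 1; continue }
                if (seen && tok[i] ~ /^config=/)
                    print file ":" start ":" substr(tok[i], 8)
            }
        }' "$f"
    done
}

# Constructed sample files (not taken from the reporter's system) so the
# block runs offline; on a real host call: find_pam_ldap_config /etc/pam.d
demo=$(mktemp -d)
printf '%s\n' 'auth required pam_ldap.so config=/etc/ldap.conf.d/ldapconfig1.conf' > "$demo/app1"
printf '%s\n' '# auth required pam_ldap.so config=/old' 'auth required pam_ldap.so' > "$demo/app2"
find_pam_ldap_config "$demo"
rm -rf "$demo"
```

Each reported line is a service that relied on a per-application LDAP configuration under the RHEL 6 setup described in the report.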