Thank you.

Another question relates to offline caching. I've testing it and it has been working well. However I've seen a situation where credentials are not used in offline mode. I've used iptables to simulate an unreachable ldap server by blocking port 636.

Here is what I see in such a situation http://pastebin.com/q1CNzPNL

It seems to retry a few time to access the ldap server and to fail without trying to use cached passwords