nslcd优于sssd的主要(情境)优势是您可以编写带参数替换的自定义authz查询：

pam_authz_search FILTER
          This option allows flexible fine tuning of the authorisation check that should be performed. The search filter specified is executed and if  any  entries
          match,access is granted,otherwise access is denied.

          The  search  filter can contain the following variable references: $username,$service,$ruser,$rhost,$tty,$hostname,$dn,and $uid.  These references
          are substituted in the search filter using the same Syntax as described in the section on attribute mapping expressions below.

          For example,to check that the user has a proper  authorizedService  value  if  the  attribute  is  present:  (&(objectClass=posixAccount)(uid=$username)
          (|(authorizedService=$service)(!(authorizedService=*))))

          The default behavIoUr is not to do this extra search and always grant access.

我最后一次检查sssd文档(在过去六个月内),仍然没有替换此功能.所以这真的取决于这个功能是否足够重要,以撇开sssd整合解决方案的好处.