The 'shadow' database LDAP information shouldn't be needed on the hosts.
Showing LDAP entries via the 'getent shadow' command can be confusing on
unprivileged accounts, therefore the database will not be included in
NSS switch table by default.