diff -up nss-pam-ldapd-0.8.13/nslcd/myldap.c.avoid_lockout_on_bad_password nss-pam-ldapd-0.8.13/nslcd/myldap.c
--- nss-pam-ldapd-0.8.13/nslcd/myldap.c.avoid_lockout_on_bad_password 2017-10-24 12:04:22.275105596 +0200
+++ nss-pam-ldapd-0.8.13/nslcd/myldap.c 2017-10-24 12:04:39.355175121 +0200
@@ -967,6 +967,13 @@ static int do_retry_search(MYLDAP_SEARCH
/* try to start the search */
pthread_mutex_unlock(&uris_mutex);
rc=do_try_search(search);
+ /* if we are authenticating a user and get an error regarding failed
+ password we should error out instead of trying all servers */
+ if ((search->session->binddn[0] != '\0') && (rc == LDAP_INVALID_CREDENTIALS))
+ {
+ do_close(search->session);
+ return rc;
+ }
if (rc==LDAP_SUCCESS)
{
pthread_mutex_lock(&uris_mutex);