Can someone tell me what nam is doing to communicate with edir via
settings in nam.conf? I'm interested in what credentials nam is using to
authenticate to edir after LUM is configured. In nam.conf we specify the
IP of a valid LDAP server for the preferred-sever entry and a valid admin
account for the adminFDN entry. When LUM is originally configured the
admin password is specified, but is that stored somewhere for later use -
or is that only used during LUM configuration?

Also, it appears PUBLIC is used to allow LUM to function properly (if no
proxy account is specified in nam.conf). But the LDAP Server Group our
LDAP server is in has been configured to use a proxy account (not a real
account with a password - a proxy acount with a blank password). When
that LDAP server is contacted by nam what account is used to communicate
with edir? The Public user; or the proxy account specified in the Server
Group settings...?

We're seeing LUM break - no edir accounts showing from a 'getent passwd'
and wondering if monkeying with LDAP Server Group settings has any bearing
on this. We are not specifying a proxy user in nam.conf.