Unfortunately, we're more or less at the mercy of Red Hat when it comes
to the versions of packages that are included in their distribution. We
use a commercial version, not Fedora, for support reasons. In this
particular case, the fact that we were exceeding the default limit of
1024 file descriptors for select(2) resulted in pam_authenticate blocking
for up to four minutes, which is a huge problem in a production system,
enough to justify including a rebuilt RPM. Generally, JPam's use of
libldap is pretty simple -- just enough to bind and authenticate a user
-- so as long as that basic functionality works as desired, we should be
okay with 2.3.27. :-) If we're not, then we'll have to include our own
RPM.