I wish, but this is a nasty hole. Because it's trusted by default, the LDAP server can specify mountpoints on your box, which means I can run any arbitrary code I like by mounting my filesystem overtop yours. I can set up a root crontab job that starts up my code automatically, like enabling SSH, even if you've disabled it, and at that point, I've got a root login available to me, even if you don't - and odds are, you'd never notice what I was up to. All I have to do is sit back and wait for you to reboot to take my configuration instead of yours.