We've had reports that nslcd may not fail over if the connection to an LDAP server is using TLS.
So, since sssd works now and does not let people log in with SSH keys when they are locked out, and there are so many problems with nscd and RHEL 7, this is not worth fixing according to trevor.
Users should be using sssd.
nscd has so many problems in Version 7, including locking users out that we are not going to try to fix this. Users should use sssd.