If I'm not mistaken, once you use LDAP to authenticate on your system, local users won't be able to authenticate on your system anymore. As for the admin user inside LDAP having high permissions, that is probably because of your previous settings. I have not yet implemented LDAP to manage an entire enterprise, so below is only a possible reason:
- Before setting up PAM and nsswitch.conf, open one terminal and log in as root (standby)
- Use OpenLDAP + SSL for authentication (as I mentioned just now, after this you are not able to authenticate local users, including root)
- Try logging in as an LDAP user
- After you are able to log in successfully, in the terminal which you opened just now, type visudo and let admin have all permissions (at this moment, the admin user can be assumed to be the root user, because we still need a superuser)
- Or, probably the admin has uid=0 inside LDAP, which is the same as local root
So, the above is my opinion on why this is happening, and I am really not very sure yet.
The conclusion is, local users are no longer used for authentication; the superuser 'admin' in your system is the replacement for 'root'.
Regarding security, you surely need a good network infrastructure like SSL, Kerberos, lv3 switch, latest patches, etc., and tight LDAP permissions and authorisation.
Am I answering your question?
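
The two conditions this answer turns on, an LDAP entry with uid=0 and the lookup order in nsswitch.conf, can be checked on a host. The script below is an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: two checks for a host that resolves accounts through LDAP.
# Function names are hypothetical; inputs are files so saved copies can be audited.

# Print UID-0 account names seen through NSS that are absent from the local file.
# $1 = local passwd file, $2 = saved output of `getent passwd`
nonlocal_uid0() {
    awk -F: '
        FILENAME == ARGV[1] { is_local[$1] = 1; next }   # remember local names
        $3 ~ /^0+$/ && !($1 in is_local) { print $1 }    # uid 0 from elsewhere
    ' "$1" "$2"
}

# Print the lookup sources for one nsswitch.conf database, in order.
# $1 = nsswitch.conf path, $2 = database (passwd, group, shadow)
nss_sources() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                               # drop comments
        $1 == db { for (i = 2; i <= NF; i++) if ($i !~ /^\[/) print $i }
    ' "$1"                                               # [..] actions skipped
}

# Succeed only if local files are consulted first for the database.
files_first() {
    [ "$(nss_sources "$1" "$2" | head -n 1)" = "files" ]
}

# Constructed sample data (not taken from any real host).
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
              'alice:x:1000:1000::/home/alice:/bin/bash' > "$demo/passwd"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
              'alice:x:1000:1000::/home/alice:/bin/bash' \
              'admin:*:0:0:LDAP admin:/home/admin:/bin/bash' \
              'bob:*:2001:2001::/home/bob:/bin/bash' > "$demo/getent"
printf '%s\n' '# constructed sample' 'passwd: files ldap' \
              'shadow: ldap [NOTFOUND=return] files' > "$demo/nsswitch.conf"

echo "UID 0 accounts not defined locally: $(nonlocal_uid0 "$demo/passwd" "$demo/getent")"
for db in passwd shadow; do
    files_first "$demo/nsswitch.conf" "$db" \
        && echo "$db: files first" || echo "$db: files NOT first"
done
```

On a real host, save `getent passwd` to a file and pass it with `/etc/passwd` and `/etc/nsswitch.conf`. If the directory client has enumeration disabled, `getent passwd` will not list LDAP accounts, so query the suspected account by name instead.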