Comment 2 for bug 1074213

Just to be clear: nslcd is not a replacement for nscd. It does not do caching.

The "Can't contact LDAP server" messages can happen when an existing connection to the LDAP server is terminated for some reason. One common cause for this is networking timeouts in a firewall or a idle timeout in the LDAP server.

Using idle_timeout is a good approach to close the connection cleanly before it times out.

Debian bug #483795 is about another message that was logged when (re)connecting to the LDAP server (the "connected to LDAP server" messages). These messages should now only be logged when the previous connection failed.