Comment 83 for bug 155947

I believe that "soft" is a better default for nss_ldap. FWIW, Mandriva has been using this patch for quite a while now:
http://svn.mandriva.com/cgi-bin//viewvc.cgi/packages/cooker/nss_ldap/current/SOURCES/nss_ldap-250-bind_policy_default_soft.patch?revision=5975&view=markup

However, I note that the Debian changelog of the libnss-ldap package has this entry:
libnss-ldap (251-4) unstable; urgency=low

  * Added system which implicitly sets bind_policy to 'soft'
    during system boot/shutdown. This is implemented by an
    init script run at end of system boot and start of system
    shutdown which creates/removes a file in /var/lib/libnss-ldap
    called 'bind_policy_soft'. When this file exists the policy
    is treated as 'soft' regardless of the configuration in
    /etc/nss-ldap.conf. Note that soft doesn't mean 'always
    fail' but rather only try to connect to each URI listed in
    the configuration file once, with no sleeping.
    Closes: #375077, #375215

I don't know what to make of that yet. I will try to get a system running this afternoon with ldap, nss_ldap, etc and a notebook client and see what happens.