I've noticed some auth.log entries that suggest that lab machines are constantly connected to the ldap server and other entries that suggest that there is a problem with the apparmor configuration (entries that include apparmor=DENIED and refer to mkdor and telepathy). I believe I've sorted it out, though.

In the first case I've discovered that nslcd DOES stay connected to the server. So, I've added a line to /etc/nslcd.conf that says:

idle_timelimit 60

which should close the ldap connection after 60 seconds. There are other timeouts in the same class that I may need to use, but this looks like the best first choice.

In the second case, there are 'tunables' in apparmor that should be adjusted in cases like ours - specifically, using non-standard home directory locations. In the file '/etc/apparmor.d/tunables/home' I've edited the line that looks like this:

@{HOMEDIRS}=/home/

to look like this:

It appears that both problems have gone away, at least so far. Fingers croseed.

@{HOMEDIRS}=/home/ /home/netlink/

refs:
https://wiki.ubuntu.com/DebuggingApparmor#Adjusting_Tunables
http://arthurdejong.org/nss-pam-ldapd/nslcd.conf.5