I'd like to shut down my individual load-balanced ldap servers gently so
that well-behaved users don't see errors by getting kicked off, but it
seems that there are some evil clients creating persistent connections by
reissuing a SRCH base="" scope=0 deref=0 filter="(objectClass=*)" just
under the idletimeout. The only other time limit I see that I can
configure is timelimit which, according to the man page, specifies the
"maximum number of seconds (in real time) slapd will spend answering a
search request"
Is there a way with OpenLDAP 2.2.23 to enable gentlehup and still be able
to guarantee that the server will eventually close all connections and
shut down one way or the other?