Hi,
I have configured two LDAP backend databases, each pointing to a different Active Directory domain (multiple domain controllers specified per domain). After a period of time after slapd starts, the ldap log file shows multiple entries like this for the various connections (conns=nnnn):
Dec 10 13:18:03 vmxxxldap01 slapd[7826]: conn=1004 op=27 SEARCH RESULT tag=101 err=1 nentries=0 text=000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
Without going into too much detail regarding the configuration, I’m wondering if I need to specify LDAP database configuration settings for:
idle-timeout
network-timeout
man slapd-ldap:
idle-timeout <time>
This directive causes a cached connection to be dropped and recreated after it has been idle for the specified time.
network-timeout <time>
Sets the network timeout value after which poll(2)/select(2) following a connect(2) returns in case of no activity. The value is in seconds, and it can be specified as for idle-timeout.
I don’t understand the explanation for network-timeout though, and am hoping someone can kindly explain it in more detail, and suggest a scenario for its appropriate usage.
Also, when is it appropriate to use the ldap.conf NETWORK_TIMEOUT setting?
man ldap.conf:
NETWORK_TIMEOUT <integer>
Specifies the timeout (in seconds) after which the poll(2)/select(2) following a connect(2) returns in case of no activity.
Could someone please suggest the best approach for my use case? Of course, I might also be completely off the mark here …
Thanks
Bryce Powell
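
An added example, not part of the original post: a Python script that scans slapd syslog output for the error quoted above (err=1 with the 000004DC text returned by Active Directory) and groups the hits by conn=, showing which connections are affected and how often. Only the first sample line comes from the post; the other log lines are constructed, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# slapd "SEARCH RESULT" line as it appears in the quoted syslog entry.
RESULT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ slapd\[\d+\]: conn=(?P<conn>\d+) "
    r"op=(?P<op>\d+) SEARCH RESULT tag=\d+ err=(?P<err>\d+) "
    r"nentries=\d+ text=(?P<text>.*)$")
# Diagnostic text Active Directory puts in the result: code, DSID, comment, data.
AD_RE = re.compile(
    r"^(?P<code>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*), data \w+, \w+$")

NOT_BOUND = 0x4DC  # hex code that starts the text= field in the quoted entry

def unbound_search_failures(log_text):
    """Return {conn: [(timestamp, op, dsid), ...]} for err=1 / 000004DC results."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = RESULT_RE.match(line)
        if not m or m["err"] != "1":   # err=1 is LDAP operationsError
            continue
        ad = AD_RE.match(m["text"])
        if ad and int(ad["code"], 16) == NOT_BOUND:
            hits[int(m["conn"])].append((m["ts"], int(m["op"]), ad["dsid"]))
    return dict(hits)

AD_TEXT = ("000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this "
           "operation a successful bind must be completed on the connection., "
           "data 0, v1db1")
P = "vmxxxldap01 slapd[7826]: "
# First line is the entry from the post; the rest are constructed for the example.
SAMPLE_LOG = "\n".join([
    f"Dec 10 13:18:03 {P}conn=1004 op=27 SEARCH RESULT tag=101 err=1 nentries=0 text={AD_TEXT}",
    f"Dec 10 13:18:04 {P}conn=1005 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=",
    f"Dec 10 13:18:09 {P}conn=1007 op=3 SEARCH RESULT tag=101 err=1 nentries=0 text={AD_TEXT}",
    f"Dec 10 13:18:11 {P}conn=1004 op=28 SEARCH RESULT tag=101 err=1 nentries=0 text={AD_TEXT}",
    f"Dec 10 13:18:12 {P}conn=1005 fd=14 closed",
])

if __name__ == "__main__":
    for conn, events in sorted(unbound_search_failures(SAMPLE_LOG).items()):
        first_ts, first_op, dsid = events[0]
        print(f"conn={conn}: {len(events)} failures, first at {first_ts} "
              f"op={first_op} ({dsid})")
```

Comparing the first failure time per connection with that connection's last successful result shows how long it sat idle before the error appeared.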