[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP database timeout settings



AD has an inactivity/idle default timeout of 900 seconds. I suspect you can google to find the setting name, and where it's stored, in your AD server(s).

Hope that helps.

- Matthew


On Dec 10, 2012, at 8:35 PM, Bryce Powell wrote:

Having done some more research, it appears that Active Directory also has some settings that could result in disconnected connections. I experimented with idle-timeout set to 30 seconds for the LDAP databases, but this seemed to exacerbate the frequency of the errors. The behaviour exhibits as ‘dead’ connections, and LDAP does not appear to attempt to re-establish these connections. Using the CentOS distro of OpenLDAP 2.4.23
 
Here are the slapd.conf settings:
 
database                ldap
readonly                on
suffix                  "dc=xyz,dc=local"
#noundeffilter           yes
#use-temporary-conn      yes
uri                     "ldap://IP1/ ldap://IP2/ ldap://3/ ldap://IPn/"
 
 
database                ldap
readonly                on
suffix                  "dc=abc,dc=adroot,dc=abc,dc=bc,dc=ca"
#noundeffilter           yes
#use-temporary-conn      yes
uri                     "ldap://IP11/ ldap://IP12/ ldap://13/ ldap://IP1n/"
 
 
I have some rewrite rules for bindDN, searchEntryDN, searchAttrDN, matchedDN, but I don’t believe these settings are relevant to the issue at hand.
 
Essentially I want the connections to be re-established without generating errors.
 
Thanks
____________________________________________