Re: LDAP database timeout settings

["Matthew M. DeLoera" <mdeloera@exacq.com>]

AD has an inactivity/idle default timeout of 900 seconds. I suspect you can google to find the setting name, and where it's stored, in your AD server(s).

Hope that helps.

- Matthew

On Dec 10, 2012, at 8:35 PM, Bryce Powell wrote:

Having done some more research, it appears that Active Directory also has some settings that could result in disconnected connections. I experimented with idle-timeout set to 30 seconds for the LDAP databases, but this seemed to exacerbate the frequency of the errors. The behaviour exhibits as ‘dead’ connections, and LDAP does not appear to attempt to re-establish these connections. Using the CentOS distro of OpenLDAP 2.4.23

 

Here are the slapd.conf settings:

 

database                ldap

readonly                on

suffix                  "dc=xyz,dc=local"

#noundeffilter           yes

#use-temporary-conn      yes

uri                     "ldap://IP1/ ldap://IP2/ ldap://3/ ldap://IPn/"

 

 

database                ldap

readonly                on

suffix                  "dc=abc,dc=adroot,dc=abc,dc=bc,dc=ca"

#noundeffilter           yes

#use-temporary-conn      yes

uri                     "ldap://IP11/ ldap://IP12/ ldap://13/ ldap://IP1n/"

 

 

I have some rewrite rules for bindDN, searchEntryDN, searchAttrDN, matchedDN, but I don’t believe these settings are relevant to the issue at hand.

 

Essentially I want the connections to be re-established without generating errors.

 

Thanks

____________________________________________