6.11. Adjusting the idle connection timeout
The nsslapd-idletimeout attribute sets the amount of time in seconds after which an idle LDAP client connection is closed by the IdM server. A value of 0 means that the server never closes idle connections.
Red Hat recommends adjusting this value so stale connections are closed, but active connections are not closed prematurely.
| Default value |
|
| Valid range |
|
| Entry DN location |
|
Conditions préalables
- Le mot de passe du gestionnaire de répertoire LDAP
Procédure
Retrieve the current value of the
nsslapd-idletimeoutparameter and make a note of it before making any adjustments, in case it needs to be restored. Enter the Directory Manager password when prompted.[root@server ~]# dsconf -D "cn=Directory Manager" ldap://server.example.com config get nsslapd-idletimeout Enter password for cn=Directory Manager on ldap://server.example.com: nsslapd-idletimeout: 3600Modify the value of the
nsslapd-idletimeoutattribute. This example lowers the value to1800(30 minutes).[root@server ~]# dsconf -D "cn=Directory Manager" ldap://server.example.com config replace nsslapd-idletimeout=1800Authenticate as the Directory Manager to make the configuration change.
Enter password for cn=Directory Manager on ldap://server.example.com: Successfully replaced "nsslapd-idletimeout"-
Monitor the IdM directory server’s performance. If it does not change in a desirable way, repeat this procedure and adjust
nsslapd-idletimeoutto a different value, or back to the default of3600.
Verification steps
Display the value of the
nsslapd-idletimeoutattribute and verify it has been set to your desired value.[root@server ~]# dsconf -D "cn=Directory Manager" ldap://server.example.com config get nsslapd-idletimeout Enter password for cn=Directory Manager on ldap://server.example.com: nsslapd-idletimeout: 3600
Ressources supplémentaires
- nsslapd-idletimeout (Default Idle Timeout) in Directory Server 11 documentation
