6.11. Adjusting the idle connection timeout
The nsslapd-idletimeout
attribute sets the amount of time in seconds after which an idle LDAP client connection is closed by the IdM server. A value of 0
means that the server never closes idle connections.
Red Hat recommends adjusting this value so stale connections are closed, but active connections are not closed prematurely.
Default value |
|
Valid range |
|
Entry DN location |
|
Conditions préalables
- Le mot de passe du gestionnaire de répertoire LDAP
Procédure
Retrieve the current value of the
nsslapd-idletimeout
parameter and make a note of it before making any adjustments, in case it needs to be restored. Enter the Directory Manager password when prompted.[root@server ~]# dsconf -D "cn=Directory Manager" ldap://server.example.com config get nsslapd-idletimeout Enter password for cn=Directory Manager on ldap://server.example.com: nsslapd-idletimeout: 3600
Modify the value of the
nsslapd-idletimeout
attribute. This example lowers the value to1800
(30 minutes).[root@server ~]# dsconf -D "cn=Directory Manager" ldap://server.example.com config replace nsslapd-idletimeout=1800
Authenticate as the Directory Manager to make the configuration change.
Enter password for cn=Directory Manager on ldap://server.example.com: Successfully replaced "nsslapd-idletimeout"
-
Monitor the IdM directory server’s performance. If it does not change in a desirable way, repeat this procedure and adjust
nsslapd-idletimeout
to a different value, or back to the default of3600
.
Verification steps
Display the value of the
nsslapd-idletimeout
attribute and verify it has been set to your desired value.[root@server ~]# dsconf -D "cn=Directory Manager" ldap://server.example.com config get nsslapd-idletimeout Enter password for cn=Directory Manager on ldap://server.example.com: nsslapd-idletimeout: 3600
Ressources supplémentaires
- nsslapd-idletimeout (Default Idle Timeout) in Directory Server 11 documentation