We run a few LDAP servers (RH5, OpenLDAP 2.3) for our Linux systems to authenticate against. Using the netstat command, we notice that a large number of established connections are always present on our LDAP servers. We currently do not use idle_timelimit in any of the client ldap.conf files, and we also do not use idletimeout in slapd.conf on our servers. We have seen a few remarks stating that if idletimeout is used in slapd, it may adversely affect replication.
We are trying to decide if we should use the server-based idletimeout or the client idle_timelimit to close the idle connections. Any recommendations? If so, what are some sane values to start with?
We currently do not use nscd on the clients, but are considering it if that makes a difference in the above settings.