Hi,

 

I have configured two LDAP backend databases, each pointing to a difference Active Directory domain (multiple domain controllers specified per domain). After a period of time after slapd starts, the ldap log file shows multiple entries like this for the various connections (conns=nnnn):

 

Dec 10 13:18:03 vmxxxldap01 slapd[7826]: conn=1004 op=27 SEARCH RESULT tag=101 err=1 nentries=0 text=000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1

 

Without going into too much detail regarding the configuration, I’m wondering if I need to specify LDAP database configuration settings for:

idle-timeout

network-timeout

 

man slapd-ldap:

 

       idle-timeout <time>

              This directive causes a cached connection to be dropped an recreated after it has been idle for the specified time.

 

       network-timeout <time>

              Sets the network timeout value after which poll(2)/select(2) following a connect(2) returns in case of no activity.  The value is in seconds, and it can be specified as for idle-timeout.

 

 

I don’t understand the explanation for network-timeout though, and am hoping someone can kindly explain it in more detail, and suggest a scenario for its appropriate usage.

 

Also, when is it appropriate to use the ldap.conf NETWORK_TIMEOUT setting?

 

man ldap.conf:

 

       NETWORK_TIMEOUT <integer>

              Specifies the timeout (in seconds) after which the poll(2)/select(2) following a connect(2) returns in case of no activity.

 

 

 

 

Could someone please suggest the best approach for my use case?  Of course, I might also be completely off the mark here …

 

Thanks