We run a few LDAP servers (RH5, OpenLDAP 2.3) for our Linux systems to authenticate against. Using the netstat command, we notice that a large number of established connections are always present on our LDAP servers. We currently do not use idle_timelimit in any of the client ldap.conf files, and we also do not use idletimeout in slapd.conf on our servers. We have seen a few remarks stating that if idletimeout is used in slapd, it may adversely affect replication.
We are trying to decide if we should use the server-based idletimeout or the client idle_timelimit to close the idle connections. Any recommendations? If so, what are some sane values to start with?
We currently do not use nscd on the clients, but are considering it if that makes a difference in the above settings.
--On Wednesday, February 16, 2011 3:20 PM -0700 ldap@mm.st wrote:
> We currently do not use nscd on the clients, but are considering it if that makes a difference in the above settings.
(a) Don't use nscd, use something modern that is functional
(b) idle clients don't cause harm. Who cares if there are idle open connections?
(c) If you really want to force them to close and reconnect, just make sure your replication identity is excluded from the limit.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
On 16 févr. 11, at 23:38, Quanah Gibson-Mount wrote:
> --On Wednesday, February 16, 2011 3:20 PM -0700 ldap@mm.st wrote:
>> We currently do not use nscd on the clients, but are considering it if that makes a difference in the above settings.
> (a) Don't use nscd, use something modern that is functional
Can you please provide examples of good alternatives to nscd?
Regards, Thierry
--On Thursday, February 24, 2011 10:13 PM +0100 Thierry Lacoste lacoste@u-pec.fr wrote:
> On 16 févr. 11, at 23:38, Quanah Gibson-Mount wrote:
>> --On Wednesday, February 16, 2011 3:20 PM -0700 ldap@mm.st wrote:
>>> We currently do not use nscd on the clients, but are considering it if that makes a difference in the above settings.
>> (a) Don't use nscd, use something modern that is functional
> Can you please provide examples of good alternatives to nscd?
http://arthurdejong.org/nss-pam-ldapd/setup
http://ftp.netbsd.org/pub/NetBSD/NetBSD-current/src/external/bsd/openldap/dist/contrib/slapd-modules/nssov/slapo-nssov.5
--Quanah
openldap-technical@openldap.org