directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <>
Subject Re: How to close the LDAP client connection from ApacheDS
Date Thu, 24 Feb 2011 16:57:17 GMT
On 2/24/11 5:32 PM, Ado Dao wrote:
>> Also not that if you are on linux, the default number of handles you can
>> open is 1000, which is far too low for a LDAP server, assuming you might
>> have ten of thousands opened connections. Tune your system.
> I also agree you. But I
>   suspect that the number of
> open connections is steadily increasing, because
>   the error occurred after several days. After a
>   restart the ldap server it was OK.
> It looks like some
>   clients do not terminate
>   the connection. Therefore, the
>   question whether there is
>   an option for the
>   server, which terminates such
>   open connections after a timeout.
If the client disconnect without notice, yes, the connection will remain 
until we detect it.

One option would be to tune the TCP stack to close idle connections. 
Usually, it's set to 30 minutes.

Regarding the support of idle connection in the server, I don't think we 
handle that atm, but it would be a good addition. Feel free to create a 
JIRA, it should not be a complicated modification in the server to 
handle idle connections with a configurable timeout.

Also note that due to the connected nature of LDAP, one client might be 
connected for a very long time without sending a new request, so be very 
conservative with such a configuration. Establishing a connection  is 
costly and requires you store the credentials on the client, when 
manaing tens of thousands connection which do nothing is just a no 

Emmanuel L├ęcharny

View raw message