Sun Java System Access Manager 7.1 Deployment Planning Guide

Setting the Timeout Value for Individual Client Connections

Directory Server allows you to set specific attributes for individual client connections. The nsIdleTimeout attribute specifies the idle connection timeout value for individual clients. This value takes precedence over the nsslapd-idletimeout value set for the global Directory Server configuration.

Set the nsIdleTimeout attribute for the Access Manager user that binds to the LDAP directory, which by default is amldapuser. This attribute also applies to the dsameuser and puser users.

To add the nsIdleTimeout attribute for amldapuser, use either the Directory Server Console or the ldapmodify tool. For example:

ldapmodify -h host-name -p port \
  -D "cn=Directory Manager" -w password
dn: cn=amldapuser,ou=DSAME Users,dc=example,dc=com
changetype: modify
add: nsIdleTimeout
nsIdleTimeout: timeout-value

For timeout-value, specify a value less than the connection idle timeout value set for the firewall. Thus Directory Server will close the Access Manager connections for amldapuser before they are closed by the firewall.

To add the timeout for dsameuser or puser, use the above syntax, except set the dn option to the dsameuser or puser user.

The com.sun.am.event.connection.idle.timeout property in the AMConfig.properties file specifies the timeout value, in minutes, after which persistent searches are restarted. This property ensures that persistent searches are restarted when the connections are dropped. Ideally, set this value lower than the load balancer or firewall TCP timeout value, so that persistent searches are restarted before the connections are dropped. The default value of zero (0) specifies that these searches will not be restarted.
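
Both settings above must stay below the same firewall or load balancer idle timeout. The following script is an added example, not part of the Sun documentation: it derives both values from one firewall timeout and prints the LDIF for all three users. It assumes that nsIdleTimeout is expressed in seconds and that dsameuser and puser are in the same ou=DSAME Users container as amldapuser; the function names and the MARGIN variable are illustrative.

```shell
#!/bin/sh
# Added example, not from the Sun guide.
# Assumptions: nsIdleTimeout is in seconds; dsameuser and puser are in the same
# ou=DSAME Users container as amldapuser; MARGIN and function names are ours.

MARGIN=${MARGIN:-60}   # seconds of headroom below the firewall idle timeout

# ns_idle_timeout FIREWALL_SECONDS -> nsIdleTimeout value (seconds)
ns_idle_timeout() {
    t=$(( $1 - MARGIN ))
    [ "$t" -gt 0 ] || { echo "firewall timeout too small for margin" >&2; return 1; }
    echo "$t"
}

# event_idle_minutes FIREWALL_SECONDS -> value in minutes for
# com.sun.am.event.connection.idle.timeout. Rounds down so the result stays
# below the firewall value; 0 would disable restarts, so it is rejected.
event_idle_minutes() {
    m=$(( ($1 - MARGIN) / 60 ))
    [ "$m" -ge 1 ] || { echo "result would be 0 (searches never restarted)" >&2; return 1; }
    echo "$m"
}

# idle_timeout_ldif FIREWALL_SECONDS SUFFIX -> LDIF for the three bind users
idle_timeout_ldif() {
    t=$(ns_idle_timeout "$1") || return 1
    for u in amldapuser dsameuser puser; do
        printf 'dn: cn=%s,ou=DSAME Users,%s\n' "$u" "$2"
        printf 'changetype: modify\n'
        # "replace" also creates the attribute if absent, so reruns do not fail
        printf 'replace: nsIdleTimeout\n'
        printf 'nsIdleTimeout: %s\n\n' "$t"
    done
}

# Constructed sample: the firewall drops idle connections after 3600 seconds.
#   idle_timeout_ldif 3600 "dc=example,dc=com" | \
#     ldapmodify -h host-name -p port -D "cn=Directory Manager" -w password
#   event_idle_minutes 3600    # value to put in AMConfig.properties
```

Unlike the add operation shown earlier, the generated LDIF uses replace, so it can be applied again after the firewall timeout changes.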

For information about the Directory Server attributes and the ldapmodify tool, see the Sun Java System Directory Server documentation: http://docs.sun.com/coll/1224.1.