Sun Java System Reference Configuration Series: Portal Service on Application Server Cluster

Procedure: To Configure the Connection Timeout of the Directory Service

Access Manager uses a pool of open connections to access the directory service. If these connections remain idle for longer than the Directory Server's idle timeout period, the connections will be closed on the Directory Server end, and Access Manager will restart them.

However, if a load balancer (or firewall) is located between Access Manager and Directory Server, the idle timeout of the load balancer (or firewall) might close the connection before Directory Server does. Some load balancers (or firewalls) do not close the connection cleanly, and Access Manager is not notified of the closure. In this case, connections in the pool can be exhausted, requiring a restart of Access Manager. In addition, when a connection is not closed cleanly by a load balancer (or firewall), the Directory Server might not close the socket, causing the open sockets to accumulate.

To avoid this set of circumstances, the Directory Server's idle timeout for Access Manager connections must be less than the idle timeout interval of the directory service load balancer (or firewall).

  1. Set the value of the Directory Server idle timeout to less than that of the directory service load balancer.

    Run the following command on ds1:

    # ldapmodify -h ds1.pstest.com -p 389 -D "cn=Directory Manager" <<EOF
    dn: cn=amldapuser,ou=DSAME Users, dc=example,dc=com
    changetype: modify
    add: nsIdleTimeout
    nsIdleTimeout: timeout-value
    EOF

    where timeout-value is a value in seconds that is less than the load balancer's idle timeout.

    When prompted, type the directory-manager-password.
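The following helper is an added example, not part of the original guide. It picks a timeout-value below the load balancer's idle timeout and emits the LDIF for the ldapmodify step above, switching from `add` to `replace` when the entry already carries `nsIdleTimeout`. The function name `idle_timeout_ldif`, the safety margin, and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Sample inputs are constructed.
# idle_timeout_ldif <lb-idle-seconds> <margin-seconds> <entry-ldif>
# <entry-ldif> is the output of a base search that names the attribute, e.g.
#   ldapsearch -h ds1.pstest.com -p 389 -D "cn=Directory Manager" -s base \
#     -b "cn=amldapuser,ou=DSAME Users, dc=example,dc=com" \
#     "(objectclass=*)" nsIdleTimeout
DN='cn=amldapuser,ou=DSAME Users, dc=example,dc=com'

idle_timeout_ldif() {
    lb=$1; margin=$2; entry=$3
    for n in "$lb" "$margin"; do
        case $n in
            ''|*[!0-9]*) echo "error: timeouts must be whole seconds" >&2
                         return 2 ;;
        esac
    done
    # Assumption: stay a fixed margin below the load balancer's idle timeout.
    target=$((lb - margin))
    if [ "$target" -le 0 ] || [ "$target" -ge "$lb" ]; then
        echo "error: need 0 < timeout-value < $lb" >&2
        return 2
    fi
    # Value currently stored on the entry, if any (attribute names are
    # case-insensitive in LDIF output).
    current=$(printf '%s\n' "$entry" | grep -i '^nsIdleTimeout:' |
              head -n 1 | sed 's/^[^:]*:[ ]*//; s/[ ]*$//')
    case $current in
        ''|*[!0-9]*) ;;  # absent or not a plain number: write a new value
        *) if [ "$current" -gt 0 ] && [ "$current" -lt "$lb" ]; then
               echo "# nsIdleTimeout is $current, below $lb: no change needed"
               return 0
           fi ;;
    esac
    # 'add' can be rejected when the attribute already exists; use 'replace'.
    if [ -n "$current" ]; then op=replace; else op=add; fi
    printf 'dn: %s\nchangetype: modify\n%s: nsIdleTimeout\nnsIdleTimeout: %s\n' \
        "$DN" "$op" "$target"
}

# Constructed case: load balancer idles out at 300 s, entry has no value yet.
idle_timeout_ldif 300 60 "dn: $DN"
```

The printed LDIF can be supplied to the ldapmodify command in step 1 in place of the here-document body.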