Hi,<br><br>you may have a (software/hardware) firewall or switch/load balancer issue between the LDAP server and the other servers. Some firewalls and switches don't let the RSET packets pass correctly. I've seen such a thing once between a database server and the web server. It was a hardware firewall (and switch) problem.<br>
If it's not a firewall/switch problem, you should also reduce nsslapd-idletimeout of cn=config.<br><br>A part of our sysctl.conf file on the 389 server is very similar to yours, so the problem is not in the kernel config:<br>
# The total session drop time will be (net.ipv4.tcp_keepalive_time + net.ipv4.tcp_keepalive_probes*net.ipv4.tcp_keepalive_intvl)<br># Time of session inactivity when the kernel will start to send probe packets<br>net.ipv4.tcp_keepalive_time = 1200<br>
# How long the kernel waits in between probes<br>net.ipv4.tcp_keepalive_intvl = 30<br><br>We have three 389DS v1.2.6 on x86_64 servers, each one having ~100 parallel sessions, ~50000 connections and more than a million searches per day, and absolutely no problem with lingering TCP connections. Among the services using the LDAP we also have FreeRadius...<br>
<br><br><div class="gmail_quote">2010/9/22 Jim Tyrrell <span dir="ltr"><<a href="mailto:jim@scusting.com">jim@scusting.com</a>></span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
<br>
On the console I have currently configured an Idle Timeout of 300<br>
seconds and added timeout config to the Fedora OS:<br>
<br>
tcp_keepalive_time = 600<br>
tcp_keepalive_intvl = 75<br>
tcp_keepalive_probes = 9<br>
<br>
Why are these connections not timing out after the Idle time? At the<br>
moment I am having to regularly restart the directory service in order<br>
to clear the connections down.<br>
<br>
Thanks.<br>
<br>
Jim.<br>
<font color="#888888">--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>
</font></blockquote></div><br>