On Windows 2008R2, here are the steps. This needs to be done on each DC, I
believe.

As administrator in CMD on a DC:

ntdsutil
ldap policies
connections
connect to server DCNAME
q
set MaxConnIdleTime to TIMEVALUE (we used 3600 seconds)
commit changes
q
q

Hope that helps!

-Kyle
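For anyone who prefers to check the current value before running the ntdsutil steps above, here is an added PowerShell snippet (not from this thread, and not Microsoft's tooling) that reads and optionally changes MaxConnIdleTime on the Default Query Policy object, which is the object that ntdsutil's "ldap policies" menu edits. It assumes the ActiveDirectory module from RSAT and write rights on the Configuration partition; the policy DN is built from your forest's configurationNamingContext, so nothing site-specific is hard-coded.

```powershell
# Added example: audit (and optionally set) the MaxConnIdleTime LDAP policy.
# Assumes the RSAT ActiveDirectory module and rights on the Configuration NC.
Import-Module ActiveDirectory

function Get-LdapPolicyDN {
    # Default Query Policy lives under the Configuration naming context
    $cfg = (Get-ADRootDSE).configurationNamingContext
    return "CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,$cfg"
}

function Get-LdapAdminLimit {
    param([string]$Name)
    $policy = Get-ADObject -Identity (Get-LdapPolicyDN) -Properties lDAPAdminLimits
    # lDAPAdminLimits is multi-valued; each value looks like "MaxConnIdleTime=900"
    $entry = $policy.lDAPAdminLimits | Where-Object { $_ -like "$Name=*" }
    if ($entry) { return [int](($entry -split '=', 2)[1]) }
    return $null   # not listed explicitly: the built-in default applies
}

function Set-LdapAdminLimit {
    param([string]$Name, [int]$Value)
    $dn = Get-LdapPolicyDN
    $policy = Get-ADObject -Identity $dn -Properties lDAPAdminLimits
    $old = $policy.lDAPAdminLimits | Where-Object { $_ -like "$Name=*" }
    # Multi-valued attribute: drop the old "Name=Value" entry, then add the new one
    if ($old) { Set-ADObject -Identity $dn -Remove @{ lDAPAdminLimits = $old } }
    Set-ADObject -Identity $dn -Add @{ lDAPAdminLimits = "$Name=$Value" }
}

# Report the current idle timeout (Windows default is 900 seconds)
$current = Get-LdapAdminLimit -Name 'MaxConnIdleTime'
Write-Host "MaxConnIdleTime is currently: $current seconds"

# Uncomment to apply the value used in the thread (3600 seconds):
# Set-LdapAdminLimit -Name 'MaxConnIdleTime' -Value 3600
```

Because the policy object is in the Configuration partition, the change replicates to every DC that uses the Default Query Policy; run Get-LdapAdminLimit against each DC afterwards to confirm replication has caught up.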

On Tue, Dec 11, 2012 at 9:10 AM, Matthew M. DeLoera <[email protected]> wrote:

> AD has an inactivity/idle default timeout of 900 seconds. I suspect you
> can google to find the setting name, and where it's stored, in your AD
> server(s).
>
> Hope that helps.
>
> - Matthew
>
>
> On Dec 10, 2012, at 8:35 PM, Bryce Powell wrote:
>
> Having done some more research, it appears that Active Directory also has
> some settings that could result in disconnected connections. I experimented
> with idle-timeout set to 30 seconds for the LDAP databases, but this seemed
> to exacerbate the frequency of the errors. The behaviour exhibits as ‘dead’
> connections, and LDAP does not appear to attempt to re-establish these
> connections. Using the CentOS distro of OpenLDAP 2.4.23
>
> Here are the slapd.conf settings:
>
> database                ldap
> readonly                on
> suffix                  "dc=xyz,dc=local"
> #noundeffilter           yes
> #use-temporary-conn      yes
> uri                     "ldap://IP1/ ldap://IP2/ ldap://3/ ldap://IPn/"
>
>
> database                ldap
> readonly                on
> suffix                  "dc=abc,dc=adroot,dc=abc,dc=bc,dc=ca"
> #noundeffilter           yes
> #use-temporary-conn      yes
> uri                     "ldap://IP11/ ldap://IP12/ ldap://13/ ldap://IP1n/"
>
>
> I have some rewrite rules for bindDN, searchEntryDN, searchAttrDN,
> matchedDN, but I don’t believe these settings are relevant to the issue at
> hand.
>
> Essentially I want the connections to be re-established without generating
> errors.
>
> Thanks
