<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40"> <head> <meta http-equiv=Content-Type content="text/html; charset=us-ascii"> <meta name=Generator content="Microsoft Word 11 (filtered medium)">  <style>  </style>  </head> <body bgcolor=white lang=EN-US link=blue vlink=purple> <div class=Section1> This is actually an apache webserver making the connections to directory server. What I see through tcpdump and netstat is that apache creates an LDAP connection to perform a search, and the connection sits idle for hours in established state. The webserver eventually re-uses the random port it made the initial request on to talk to a client, so the LDAP connection no longer shoes up as established on the client side. On the server side, however, it still shows the connection as established forever. There are many other apache children talking to the same LDAP server in parallel, and the number of open filehandles constantly increases. <o:p></o:p> <o:p> </o:p> I realize that it is possible that the webserver is not properly tearing the connection down or a firewall may be blocking it, but shouldn’t the server application notice that that connection was idle for more than 20min and time it out anyway?<o:p></o:p> <o:p> </o:p> <div> <div class=MsoNormal align=center style='text-align:center'> <hr size=2 width="100%" align=center tabindex=-1> </div> From: fedora-directory-users-bounces@redhat.com [mailto:fedora-directory-users-bounces@redhat.com] On Behalf Of Ulf Weltman Sent: Friday, August 10, 2007 12:49 PM To: General discussion list for the Fedora Directory server project. Subject: Re: [Fedora-directory-users] directory server setting fail toterminate idle connections<o:p></o:p> </div> <o:p> </o:p> Idle timeout enforcement is passive, it occurs when we've polled some activity and we're walking over the connection table. If you had made an additional connection or sent an operation on another established connection the idle one should have been disconnected. Brian Fender wrote: <o:p></o:p> I ran into issues hitting the max filedescriptors setting and found that it was because the server never terminates idle connections. I have an idle timeout setting of 1200 seconds (20min). If I make an LDAP request from a client to the directory server, the tcp connection stays in ESTABLISHED state on the server side forever. I ran tcpdump on the client side and not a single packet of traffic was sent to the server during for hours. <u1:p></u1:p><o:p></o:p> <u1:p> </u1:p><o:p></o:p> Any idea why this connection would not be terminated after 1200 sec?<u1:p></u1:p><o:p></o:p> <pre wrap=""><o:p> </o:p></pre><pre style='text-align:center'> <hr size=4 width="90%" align=center> </pre><pre><o:p> </o:p></pre><pre>--<o:p></o:p></pre><pre>Fedora-directory-users mailing list<o:p></o:p></pre><pre><a href="mailto:Fedora-directory-users@redhat.com">Fedora-directory-users@redhat.com</a><o:p></o:p></pre><pre><a href="https://www.redhat.com/mailman/listinfo/fedora-directory-users">https://www.redhat.com/mailman/listinfo/fedora-directory-users</a><o:p></o:p></pre><pre> <o:p></o:p></pre></div> </body> </html>