On 06/02/2016 09:48 AM, Martin Basti wrote:

On 31.05.2016 17:10, Stanislav Laznicka wrote:

This is a fix to https://fedorahosted.org/freeipa/ticket/5383. From the comments I am not sure if nsslapd-idletimeout should be reduced as well. If so, could you please propose a value that you find reasonable?


It looks like only ioblocktimeout is safe to change and we should not change the second attribute. Thierry, can you confirm this?

The patch looks OK to me. It is safe to tune idletimeout as well, but here it does not bring any real benefit. The patch leaves idletimeout at the default value, which means idle connections are not closed.

ioblock is set to 10s, which is in a good range of values (the DS team recommended 10-30s). Note that ioblock is sensitive to slow LDAP clients. If a client is not able to read fast enough, the server will close the connection. This can happen, for example, if a client did a large SRCH and is slowly processing the received entries.
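
Added example, not part of the original thread or of the FreeIPA patch: a small audit of the two cn=config attributes discussed above, run against an LDIF export. The sample LDIF and the function names are constructed for illustration; it assumes nsslapd-ioblocktimeout is stored in milliseconds and nsslapd-idletimeout in seconds, and treats a missing idletimeout as the "no close on idle" default described in the reply.

```python
# Added example: audit cn=config timeouts in an LDIF export (sample is constructed).
RECOMMENDED_IOBLOCK_S = (10, 30)  # range quoted in the thread

SAMPLE_LDIF = """\
dn: cn=config
objectClass: top
nsslapd-ioblocktimeout: 10000
nsslapd-idletimeout: 0

dn: cn=other,cn=config
nsslapd-ioblocktimeout: 1
"""

def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def config_attrs(text, dn="cn=config"):
    """Return lower-cased attribute -> value for the entry with the given DN."""
    attrs, in_entry = {}, False
    for line in unfold(text):
        if not line.strip():
            in_entry = False  # blank line ends the current entry
        elif line.lower().startswith("dn:"):
            in_entry = line[3:].strip().lower() == dn
        elif in_entry and ":" in line and not line.startswith("#"):
            name, _, value = line.partition(":")
            attrs[name.strip().lower()] = value.strip()
    return attrs

def audit(text):
    """Return a list of findings for the two timeouts discussed in the thread."""
    attrs = config_attrs(text)
    findings = []
    ioblock = attrs.get("nsslapd-ioblocktimeout")
    if ioblock is None:
        findings.append("ioblocktimeout not set: server default applies")
    else:
        secs = int(ioblock) / 1000  # assumption: value is in milliseconds
        lo, hi = RECOMMENDED_IOBLOCK_S
        if not lo <= secs <= hi:
            findings.append(f"ioblocktimeout {secs:g}s outside {lo}-{hi}s")
    if int(attrs.get("nsslapd-idletimeout", "0")) == 0:
        findings.append("idletimeout 0: idle connections are never closed")
    return findings
```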

