Am Mon, Sep 02, 2024 at 11:20:10PM -0000 schrieb Jaehwan Kim via FreeIPA-users: > Hello Sumit, > > Thanks for your suggestion. > Unfortunately, we couldn't find out 'ldap_connection_idle_timeout' at > sssd-ldap man page. > So we think that you meant 'ldap_connection_expire_timeout' of which default > is 900s.
Hi, yes, 'ldap_connection_idle_timeout' was only added recently, so if you are using an older version 'ldap_connection_expire_timeout' is a suitable option as well. > In our discussion, we conclude that ldap re-connecting from 9K hosts about > every 240s (because ms azure default NAT timeout is 240s) may consume more > FreeIPA server resource than 9K hosts' sending light data to keep ldap > connnection safely against NAT's removing the connection info. Please note that SSSD will not immediately reconnect but only if there is a request which has to be sent to the LDAP server. And since the connection is closed because it is idle I think there is a fair chance that the connection will stay down for some minutes. > > Is there an option to send light data that the ldap connection is alive? There are no options for sssd.conf, but you can try to set some of the KEEPALIVE_* options in /etc/openldap/ldap.conf, see man ldap.conf for details. HTH bye, Sumit > > Thank you. > JHK > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
