Forum Discussion

walkerjt_97411
Aug 13, 2009

LDAP connection timeout

We have LDAP servers behind LTM being accessed by servers for user authentication. This works fine normally and is not an issue. However, the servers are set to re-use the same session for all user connects in order to cut down on disconnect/reconnect times. This is causing a session timeout issue behind LTM, as the session, once idle for a short period of time, is torn down. We have implemented the 1 hour TTL, which has reduced the issue, but it needs to be resolved.

What I am looking to do is open one or two persistent connections on the back end of LTM facing the LDAP server, without constantly opening up hundreds of long-lived connections and overrunning my TCP stack.

I know I can open a 0 timeout connection when an LDAP request comes in, but how do I ensure that I don't end up with 3000 open connections?

This is a dilemma that I know can be solved, but I am a newbie and need some guru assistance with it.
  • hoolio
    You could try creating a virtual server which points to the LDAP server(s) in a pool. You could try adding a OneConnect profile to the LDAP virtual server with a long idle timeout. Then configure the LDAP auth profile to use the LDAP virtual server instead of the LDAP server directly.

    You might need to experiment a bit with the OneConnect profile settings for maximum reuse and age. The max size setting should help you limit the number of connections which are maintained.

    Aaron
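    The setup Aaron describes, written out as a tmsh configuration. This is an added example and not part of the thread or any F5 documentation; it assumes a BIG-IP version that has tmsh (v10 or later; a v9 box would use bigpipe instead), and every object name, address and timeout value below is an assumption chosen to match the one-hour TTL mentioned in the question.

```tmsh
# Added example (not from the thread). All names, addresses and values are assumptions.

# Pool of the real LDAP servers (placeholder addresses).
create ltm pool ldap_pool members add { 192.0.2.11:389 192.0.2.12:389 } monitor tcp

# TCP profile with a long idle timeout (seconds), so an idle pooled LDAP
# session is not torn down by the LTM before the application re-uses it.
create ltm profile tcp tcp_ldap_long_idle defaults-from tcp idle-timeout 3600

# OneConnect profile: server-side connections are kept in a pool and handed
# to new client-side flows instead of opening a fresh connection each time.
#   max-size              upper bound on idle server-side connections kept
#   max-reuse / max-age   how many times / how long one connection is re-used
#   source-mask 0.0.0.0   any client may re-use any pooled connection
#   idle-timeout-override how long a pooled connection may sit idle
create ltm profile one-connect oneconnect_ldap defaults-from oneconnect source-mask 0.0.0.0 max-size 20 max-reuse 1000 max-age 3600 idle-timeout-override 3600

# Virtual server in front of the LDAP pool. The LDAP auth profile (or the
# application servers) points at this address instead of the LDAP servers.
create ltm virtual vs_ldap destination 10.0.0.50:389 ip-protocol tcp pool ldap_pool profiles add { tcp_ldap_long_idle oneconnect_ldap }

save sys config
```

    With `max-size 20` the LTM never keeps more than 20 idle server-side connections per pool, which is what bounds the "3000 open connections" case; the application side can still open as many client-side flows as it likes, but they are multiplexed onto that small set. One caveat worth checking before deploying: an LDAP bind is state on the TCP connection, and OneConnect hands an existing server-side connection to whichever client flow comes next. Share connections across clients (`source-mask 0.0.0.0`) only when every client of the virtual server binds with the same service account or re-binds on every request; otherwise tighten `source-mask` so a connection is only re-used by the client that bound it.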
  • I do apologize, I have been away performing a datacenter move and not able to get back to this configuration. I will test the OneConnect solution. Thank you very much for your post.