Using the secldapclntd daemon

The secldapclntd daemon dynamically manages connections to an LDAP server.

At startup, the secldapclntd daemon connects to the servers defined in the /etc/security/ldap/ldap.cfg file (one connection per LDAP server). Later, if the secldapclntd daemon determines that the LDAP connection is restricting LDAP processing requests, the daemon automatically establishes another connection to the current LDAP server. This process continues until the predefined maximum number of connections is reached. After the maximum number of connections is reached, no new connections are added.

The secldapclntd daemon periodically checks all the connections to the current LDAP server. If any connection other than the first connection is idle for a predefined period, the daemon closes that connection.

The connectionsperserver variable in the /etc/security/ldap/ldap.cfg file sets the maximum number of connections. However, if the connectionsperserver variable is greater than the numberofthread variable, the secldapclntd daemon sets the connectionsperserver value to the numberofthread value. The valid values for the connectionsperserver variable are 1 to 100. The default value is 10 (connectionsperserver: 10).

The connectionmissratio variable in the /etc/security/ldap/ldap.cfg file sets the criteria for establishing new LDAP connections. The connectionmissratio variable is the percentage of operations that failed to obtain LDAP connections (handle-miss) during first attempts. If the percentage of missed attempts is greater than the connectionmissratio variable, the secldapclntd daemon establishes new LDAP connections to speed up LDAP queries (not to exceed the number of connections defined in the connectionsperserver variable). The valid values for the connectionmissratio variable are 10 to 90. The default value is 50 (connectionmissratio: 50).

The connectiontimeout variable in the /etc/security/ldap/ldap.cfg file sets the period that connections can remain idle before they are closed by the secldapclntd daemon. The valid values for the connectiontimeout variable are 5 seconds or more (no maximum limit). The default value is 300 seconds (connectiontimeout: 300).
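
The following audit of the three connection variables is an added example, not code from IBM or from the daemon itself. It assumes the "name: value" line format shown in the defaults above, treats lines that do not match that format (such as "#" comments) as ignorable, and uses hypothetical function names; the sample file content is constructed.

```python
import re

# (min, max, default) as stated on this page; None means no upper limit.
RULES = {
    "connectionsperserver": (1, 100, 10),
    "connectionmissratio": (10, 90, 50),
    "connectiontimeout": (5, None, 300),  # seconds
}

# Constructed sample, not taken from a real host.
SAMPLE = """\
# client tuning
ldapservers: ldap1.example.com
numberofthread: 8
connectionsperserver: 20
connectionmissratio: 95
"""

def parse_cfg(text):
    """Collect 'name: value' pairs; any other line (e.g. '#' comments) is ignored."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z]+)\s*:\s*(\S+)\s*$", line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def audit(text):
    """Return (effective, findings); an effective value of None means undetermined."""
    cfg, effective, findings = parse_cfg(text), {}, []
    for key, (lo, hi, default) in RULES.items():
        raw = cfg.get(key)
        if raw is None:
            effective[key] = default  # variable absent: documented default applies
        elif raw.isdigit() and int(raw) >= lo and (hi is None or int(raw) <= hi):
            effective[key] = int(raw)
        else:
            effective[key] = None  # the page does not say how the daemon reacts
            findings.append(f"{key}: {raw} is outside the valid range")
    threads, cps = cfg.get("numberofthread", ""), effective["connectionsperserver"]
    # Documented rule: connectionsperserver above numberofthread is lowered to it.
    # Assumption: with numberofthread absent, no lowering is modelled here.
    if threads.isdigit() and cps is not None and cps > int(threads):
        effective["connectionsperserver"] = int(threads)
        findings.append(f"connectionsperserver: {cps} lowered to numberofthread {threads}")
    return effective, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against a copy of /etc/security/ldap/ldap.cfg, the findings list shows where the configured connection ceiling differs from the one the daemon will actually use.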