On Wed, 2017-11-08 at 13:18 +0000, wrote:
> After setting up the nss-pam-ldap ver 0.9.5, we noticed that the LDAP
> session triggered by a user login via sftp/ssh is not closed as soon
> as the user logs out. The session unbinds only after the idle_timeout
> value.
> Is this expected behavior?

There are a few LDAP connections opened to the LDAP server during
authentication. Most of the connections are used for performing regular
name lookups and other queries and only one is used (with the user's
credentials) for authentication.

The user connection should be closed pretty quickly after
authentication. The other connections are more long-lived because they
are also shared over multiple requests. This behaviour can be
configured using the idle_timelimit nslcd.conf option.

Hope this helps,

