PingDirectory

The server must disconnect a client connection

If a client connection must be disconnected because of the expense of the client’s request, such as an unindexed search across a very large database, perform the following:

  • Find the client’s connection ID by looking in the cn=Active Operations,cn=monitor monitor entry.

    $ bin/ldapsearch -baseDN cn=monitor "cn=active operations" \
  --bindDN "cn=directory manager"  \
  --bindPassword password

  • The monitor entry will contain attribute values for operation-in-progress, which look like an access log message. Look for the value of conn in the client request that should be disconnected. In the following example, the client to be disconnected is requesting a search for (description=expensive), which is on connection 6.

    dn: cn=Active Operations,cn=monitor
objectClass: top
objectClass: ds-monitor-entry
objectClass: ds-active-operations-monitor-entry
objectClass: extensibleObject
cn: Active Operations
num-operations-in-progress: 2
operation-in-progress: [15/Dec/2014:10:55:35 -0600] SEARCH conn=6 op=3 msgID=4
     clientIP="10.8.4.21" authDN="cn=app1,ou=applications,dc=example,dc=com" base="dc
     =example,dc=com" scope=wholeSubtree filter="(description=expensive)" attrs="A
     LL" unindexed=true
operation-in-progress: [15/Dec/2014:10:56:11 -0600] SEARCH conn=7 op=1 msgID=2
     clientIP="127.0.0.1" authDN="cn=Directory Manager,cn=Root DNs,cn=config" base="c
     n=monitor" scope=wholeSubtree filter="(cn=active operations)" attrs="ALL"
     num-persistent-searches-in-progress: 0

  • With the connection ID value, create a file with the following contents, named disconnect6.ldif.

    dn: ds-task-id=disconnect6,cn=scheduled Tasks,cn=tasks
objectClass: top
objectClass: ds-task
objectClass: ds-task-disconnect
ds-task-disconnect-connection-id: 6
ds-task-id: disconnect6
ds-task-class-name: com.unboundid.directory.server.tasks.DisconnectClientTask

  • This LDIF file represents a task entry. The connection ID value 6 is assigned to ds-task-disconnect-connection-id. The value for ds-task-id value does not follow a specific convention. It must be unique among other task entries currently cached by the server.

  • Disconnect the client and cancel the associated operation by adding the task entry to the server:

    $ bin/ldapmodify --filename disconnect6.ldif  \
  --defaultAdd --bindDN "cn=directory manager" \
  --bindPassword password