If a client connection must be disconnected due to the expense of the client's request, such as an unindexed search across a very large database, perform the following:
  • Find the client's connection ID by looking in the cn=Active Operations,cn=monitor monitor entry.
    $ bin/ldapsearch -baseDN cn=monitor "cn=active operations" \
      --bindDN "cn=directory manager"  \
      --bindPassword password
  • The monitor entry will contain attribute values for operation-in-progress, which look like an access log message. Look for the value of conn in the client request that should be disconnected. In the following example, the client to be disconnected is requesting a search for (description=expensive), which is on connection 6.
    dn: cn=Active Operations,cn=monitor
    objectClass: top
    objectClass: ds-monitor-entry
    objectClass: ds-active-operations-monitor-entry
    objectClass: extensibleObject
    cn: Active Operations
    num-operations-in-progress: 2
    operation-in-progress: [15/Dec/2014:10:55:35 -0600] SEARCH conn=6 op=3 msgID=4
         clientIP="10.8.4.21" authDN="cn=app1,ou=applications,dc=example,dc=com" base="dc
         =example,dc=com" scope=wholeSubtree filter="(description=expensive)" attrs="A
         LL" unindexed=true
    operation-in-progress: [15/Dec/2014:10:56:11 -0600] SEARCH conn=7 op=1 msgID=2
         clientIP="127.0.0.1" authDN="cn=Directory Manager,cn=Root DNs,cn=config" base="c
         n=monitor" scope=wholeSubtree filter="(cn=active operations)" attrs="ALL"
         num-persistent-searches-in-progress: 0
  • With the connection ID value, create a file with the following contents, named disconnect6.ldif.
    dn: ds-task-id=disconnect6,cn=scheduled Tasks,cn=tasks
    objectClass: top
    objectClass: ds-task
    objectClass: ds-task-disconnect
    ds-task-disconnect-connection-id: 6
    ds-task-id: disconnect6
    ds-task-class-name: com.unboundid.directory.server.tasks.DisconnectClientTask
  • This LDIF file represents a task entry. The connection ID value 6 is assigned to ds-task-disconnect-connection-id. The value for ds-task-id value does not follow a specific convention. It must be unique among other task entries currently cached by the server.
  • Disconnect the client and cancel the associated operation by adding the task entry to the server:
    $ bin/ldapmodify --filename disconnect6.ldif  \
      --defaultAdd --bindDN "cn=directory manager" \
      --bindPassword password