If a client connection must be disconnected because of the expense of the client's request, such as an unindexed search across a very large database, perform the following:
- Find the client's connection ID by looking in the cn=Active
Operations,cn=monitor monitor entry.
$ bin/ldapsearch -baseDN cn=monitor "cn=active operations" \ --bindDN "cn=directory manager" \ --bindPassword password
- The monitor entry will contain attribute values for
operation-in-progress, which look like an access log message. Look
for the value of conn in the client request that should be
disconnected. In the following example, the client to be disconnected is requesting a
search for (description=expensive), which is on connection 6.
dn: cn=Active Operations,cn=monitor objectClass: top objectClass: ds-monitor-entry objectClass: ds-active-operations-monitor-entry objectClass: extensibleObject cn: Active Operations num-operations-in-progress: 2 operation-in-progress: [15/Dec/2014:10:55:35 -0600] SEARCH conn=6 op=3 msgID=4 clientIP="10.8.4.21" authDN="cn=app1,ou=applications,dc=example,dc=com" base="dc =example,dc=com" scope=wholeSubtree filter="(description=expensive)" attrs="A LL" unindexed=true operation-in-progress: [15/Dec/2014:10:56:11 -0600] SEARCH conn=7 op=1 msgID=2 clientIP="127.0.0.1" authDN="cn=Directory Manager,cn=Root DNs,cn=config" base="c n=monitor" scope=wholeSubtree filter="(cn=active operations)" attrs="ALL" num-persistent-searches-in-progress: 0
- With the connection ID value, create a file with the following contents, named
disconnect6.ldif.
dn: ds-task-id=disconnect6,cn=scheduled Tasks,cn=tasks objectClass: top objectClass: ds-task objectClass: ds-task-disconnect ds-task-disconnect-connection-id: 6 ds-task-id: disconnect6 ds-task-class-name: com.unboundid.directory.server.tasks.DisconnectClientTask
- This LDIF file represents a task entry. The connection ID value 6 is assigned to ds-task-disconnect-connection-id. The value for ds-task-id value does not follow a specific convention. It must be unique among other task entries currently cached by the server.
- Disconnect the client and cancel the associated operation by adding the task entry to
the server:
$ bin/ldapmodify --filename disconnect6.ldif \ --defaultAdd --bindDN "cn=directory manager" \ --bindPassword password