LDAP Connection Timeout Explained

The Lightweight Directory Access Protocol (LDAP), introduced in 1993, is a core protocol that eventually paved the way for Microsoft's Active Directory and OpenLDAP. It is an open, cross-platform protocol used to maintain distributed directory information in an organized and easy-to-access manner. LDAP also serves as an authentication protocol for directory services by providing a common language that applications can use to communicate with directory servers.

What is LDAP connection timeout?

An LDAP connection timeout happens when the LDAP server drops a client connection because the time limit set by the InitRecvTimeout or the MaxConnIdleTime parameter has been exceeded.

  • InitRecvTimeout - The maximum time (in seconds) the domain controller waits for a client to send its first request after the connection is established. If the first request does not arrive within this period, the server disconnects the client. The default value of InitRecvTimeout is 120 seconds.
  • MaxConnIdleTime - The maximum time (in seconds) a client is allowed to remain idle after its last request. Once this period elapses, the LDAP server terminates the connection and returns an LDAP disconnect notification. The default value of MaxConnIdleTime is 900 seconds.

The default values of these LDAP settings can be modified using ntdsutil.exe, a command-line tool that provides LDAP policy management facilities.

Modifying LDAP Timeout settings

  • Click Start, and select Run.
  • In the textbox, type ntdsutil and press Enter.
  • At the Ntdsutil.exe command prompt, type LDAP policies, and then press Enter.
  • At the LDAP policy command prompt, type Set, followed by the name of the variable to be altered, the word to, and the new value, and then press ENTER. For example, Set MaxConnIdleTime to 1200.
  • To save the changes, type Commit Changes and press Enter.
  • To quit Ntdsutil.exe, at the command prompt, type q, and then press Enter.
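As an added example (not code from this page or from ManageEngine), the following Python models the two policies defined above and the value written by the ntdsutil procedure: it parses Name=Value entries in the form ntdsutil stores them in the query policy's lDAPAdminLimits attribute, and decides which policy would cause a given connection to be dropped. The Connection model, the constructed sample values and the strict "greater than" comparison are simplifications assumed here.

```python
"""Model of the two domain controller LDAP timeout policies: InitRecvTimeout and MaxConnIdleTime."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Default values stated on the page (seconds).
DEFAULT_LIMITS: Dict[str, int] = {"InitRecvTimeout": 120, "MaxConnIdleTime": 900}


def parse_admin_limits(values: Iterable[str]) -> Dict[str, int]:
    """Parse 'Name=Value' strings, the format of the lDAPAdminLimits attribute
    that 'Set <name> to <value>' in ntdsutil writes. Names not modelled here are
    ignored; names absent from the input keep their default."""
    limits = dict(DEFAULT_LIMITS)
    for entry in values:
        name, sep, number = entry.partition("=")
        name = name.strip()
        if sep and name in limits and number.strip().isdigit():
            limits[name] = int(number)
    return limits


@dataclass
class Connection:
    client_ip: str
    connected_at: float                       # seconds when the TCP session was accepted
    last_request_at: Optional[float] = None   # None until the first LDAP request arrives


def timeout_reason(conn: Connection, now: float, limits: Dict[str, int]) -> Optional[str]:
    """Return the policy under which the DC would drop `conn` at time `now`,
    or None if the connection is still allowed. Assumed simplification: the
    connection is dropped once the elapsed time strictly exceeds the limit."""
    if conn.last_request_at is None:
        # Before the first request only InitRecvTimeout applies.
        if now - conn.connected_at > limits["InitRecvTimeout"]:
            return "InitRecvTimeout"
        return None
    # After the first request the idle clock restarts on every request.
    if now - conn.last_request_at > limits["MaxConnIdleTime"]:
        return "MaxConnIdleTime"
    return None


def idle_report(conns: Iterable[Connection], now: float, limits: Dict[str, int]) -> List[Tuple[str, str]]:
    """Constructed stand-in for the report columns listed on this page:
    (client IP address, remark) for every connection that has timed out."""
    return [(c.client_ip, reason) for c in conns if (reason := timeout_reason(c, now, limits))]
```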

Viewing LDAP connection timeout logs

  • In the Event Viewer window, go to Windows Logs ➔ Security.
  • Click on Filter current log under Action in the right panel.
  • Search for Event ID 1317, which identifies LDAP connection timeouts.
  • You can double-click on the event to view Event Properties.

Monitoring LDAP with ADAudit Plus

Monitoring LDAP servers is necessary to ensure service availability and performance. By tracking the LDAP queries processed, IT administrators can detect suspicious queries that may be used to perform reconnaissance on the Active Directory environment, and curb attacks. ADAudit Plus simplifies LDAP monitoring by offering predefined LDAP auditing reports, together with graphical views of the same data for easier comprehension.

Steps to track LDAP connection timeout

Once ADAudit Plus has been installed, it can automatically configure audit policies required for LDAP auditing. To enable automatic configuration: Log in to the ADAudit Plus web console → Domain Settings → Audit Policy: Configure.

LDAP timeouts can be monitored by following these steps:

  • Log in to ADAudit Plus.
  • Select the required domain from the dropdown list.
  • Go to the Server Audit tab.
  • Navigate to LDAP Auditing.
  • Select the Time-out LDAP Connection report.

The report includes the following information:

  • When - The time at which the timeout occurred.
  • Where - The name of the domain controller to which the client lost its connection.
  • Client IP address - The IP address of the client that initiated the LDAP connection.
  • Binding Type - The type of LDAP bind used to authenticate the client.
  • Remarks - A brief description of the LDAP timeout.

About ADAudit Plus

ADAudit Plus is real-time, web-based Windows Active Directory (AD) change reporting software that audits and reports on Active Directory, Windows servers and workstations, and NAS storage devices to meet security and compliance requirements. It comes bundled with more than 200 predefined reports that make AD auditing easier. The solution also sends real-time alerts for critical events, helping you secure your network from threats and improve your IT security posture.
