Set the keepalive setting if the connection to the remote server has timeout issues, e.g. it connects thru a firewall that drops idle connections without sending proper close messages to both endpoints, which is common for a lot of firewalls.

This feature was added back in version 2.4.34 on 03-01-2013.

Modify the slapd.conf file to look like this:

overlay                 chain  
chain-rebind-as-user    FALSE  
chain-return-error      TRUE  
chain-uri               ldap://example.ldap.com  
chain-idassert-bind     bindmethod="simple"  
                        binddn="cn=manager,ou=admin,dc=example,dc=com"  
                        credentials="XXXXX"  
                        mode="self"  
                        flags=non-prescriptive  
                        starttls=yes  
                        tls_cacert="/opt/symas/ssl/ca_roots/1acacert.pem"  
                        tls_reqcert=never  
chain-tls               start  
                        starttls=yes  
                        tls_cacert="/opt/symas/ssl/ca_roots/1acacert.pem"  
                        tls_reqcert=never  
chain-keepalive 120:10:15