Reduce the number of threads in nslcd

The slapd process has more than 2500 open files in DC10 with 500
subclouds. Given that the process limit is set at 4096,
it will hit the limit before it reaches the 1000 subcloud target.

By default, nslcd starts 5 threads that can handle requests
and perform LDAP queries. Each thread opens a separate
connection to the LDAP server. nslcd runs on every host
including the System Controller. The number of open
files from 500 subclouds would be 2500.

This update reduces the number of threads to 2, which
should be sufficient for user/group authentication.
This will support 1000 DX subclouds.

It also adds a 10-minute inactivity timeout to close
idle connections.

Story: 2008960
Task: 42612

Change-Id: I4d43e39a3212e6763ab3f5184dd5ef1e8b2a8af8
Signed-off-by: Tao Liu <tao.liu@windriver.com>
Tao Liu 2021-06-15 09:25:10 -04:00
parent 3f1484556b
commit 2155ce4d17
2 changed files with 8 additions and 1 deletions


@ -6,6 +6,8 @@ class platform::ldap::params (
$ldapserver_remote = false,
$ldapserver_host = undef,
$bind_anonymous = false,
$nslcd_threads = 2,
$nslcd_idle_timelimit = 600,
) {}
class platform::ldap::server
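Review bot: `$nslcd_threads` and `$nslcd_idle_timelimit` are added without data types, and nothing in the parameter list says the timeout is in seconds. If the Puppet version in use supports typed parameters, consider `Integer[1] $nslcd_threads = 2,` and `Integer[0] $nslcd_idle_timelimit = 600,` so that an override with a string or a zero thread count fails at catalog compilation instead of being written into nslcd.conf. A short comment giving the unit and the reason for 2 (each nslcd thread holds its own connection to the LDAP server) would also help whoever tunes this later.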


@ -20,6 +20,10 @@ gid ldap
#
uri ldap://<%= @ldapserver_host %>
# Specifies the number of threads to start that can handle requests
# and perform LDAP queries. The default is to start 5 threads.
threads <%= @nslcd_threads %>
# The distinguished name of the search base.
base dc=cgcs,dc=local
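Review bot: the comment above `threads <%= @nslcd_threads %>` only repeats the upstream default of 5 and does not say why this file deviates from it. Since each thread opens its own connection to the LDAP server and the value was chosen to keep slapd under its open-file limit, state that here and name the `nslcd_threads` parameter, so that anyone raising the value checks the slapd limit first.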
@ -58,7 +62,8 @@ rootpwmoddn cn=ldapadmin,dc=cgcs,dc=local
# Idle timelimit. nslcd will close connections if the
# server has not been contacted for the number of seconds.
#idle_timelimit 3600
#idle_timelimit 600
idle_timelimit <%= @nslcd_idle_timelimit %>
# Use StartTLS without verifying the server certificate.
#ssl start_tls
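Review bot: any commented-out literal left next to `idle_timelimit <%= @nslcd_idle_timelimit %>`, such as `#idle_timelimit 600`, duplicates the parameter default and will go stale as soon as the parameter is overridden or its default changes. Drop the commented-out value lines and keep only the explanatory comment plus the templated line, optionally noting in the comment that the value is in seconds and comes from `platform::ldap::params`.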