  1. Jenkins
  2. JENKINS-64486

LDAP Plugin should set keepalives on persistent TCP connections

    • Type: Improvement
    • Resolution: Unresolved
    • Priority: Minor
    • ldap-plugin
    • Jenkins 2.263.1
      LDAP Plugin 1.26
      Linux Oracle 7.x

      In our environment, TCP connections that have no traffic for ~15 minutes are dropped in the firewall. The application sees this only when it tries to send data over the socket, which times out, eventually returning an IO error or timeout.

      To solve this you can either turn on TCP keepalives on the socket (and set the parameters so that the keepalive packets are sent more frequently than every 15 minutes, which usually requires overriding the OS defaults, which are far too long (7200 seconds)).

      Or, you can send application level traffic occasionally (aka heartbeat) to keep the connection alive.

      The current behaviour shows up when you come back to Jenkins after a while and try to log in. The login screen takes a long time to display a failure message, and in the log file you see:

      1608325741.180147 Caused: org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;LDAP response read timed out, timeout used:60000ms.; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:60000ms.; remaining name ''
      1608325741.180153 Caused: org.acegisecurity.AuthenticationServiceException: LdapCallback;LDAP response read timed out, timeout used:60000ms.; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:60000ms.; remaining name ''; nested exception is org.acegisecurity.ldap.LdapDataAccessException: LdapCallback;LDAP response read timed out, timeout used:60000ms.; nested exception is javax.naming.NamingException: LDAP response read timed out, timeout used:60000ms.; remaining name ''

      Unfortunately I think you cannot set keepalives on sockets in Java (unless this has been added recently), so if such a feature is added it might just have to be a "heartbeat" LDAP query that is executed occasionally.

      Assignee: Unassigned
      Reporter: tmalaher (Tom)
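For reference on the first option in the report (socket-level keepalives below the ~15 minute firewall timeout), a sketch of a JNDI socket factory that enables them per socket. This is an added example, not code from the report or from the LDAP plugin; the class name and the timing values are assumptions, and the per-socket timing options assume JDK 11+ on Linux or macOS.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import javax.net.SocketFactory;
import jdk.net.ExtendedSocketOptions;

/** Hypothetical JNDI socket factory that enables TCP keepalive on LDAP connections. */
public class KeepAliveSocketFactory extends SocketFactory {
    // Constructed values: first probe after 5 minutes idle, well under the ~15 minute firewall timeout.
    private static final int IDLE_SECONDS = 300;
    private static final int INTERVAL_SECONDS = 30;
    private static final int PROBE_COUNT = 4;

    // Plain TCP delegate; see the note after the block for ldaps://.
    private final SocketFactory delegate = SocketFactory.getDefault();

    // JNDI obtains the factory instance through this static method.
    public static SocketFactory getDefault() {
        return new KeepAliveSocketFactory();
    }

    private static Socket tune(Socket s) throws IOException {
        s.setKeepAlive(true); // SO_KEEPALIVE; on its own this uses the OS default idle time (7200 s)
        // Per-socket overrides of the OS defaults, applied only where the platform supports them.
        if (s.supportedOptions().contains(ExtendedSocketOptions.TCP_KEEPIDLE)) {
            s.setOption(ExtendedSocketOptions.TCP_KEEPIDLE, IDLE_SECONDS);
            s.setOption(ExtendedSocketOptions.TCP_KEEPINTERVAL, INTERVAL_SECONDS);
            s.setOption(ExtendedSocketOptions.TCP_KEEPCOUNT, PROBE_COUNT);
        }
        return s;
    }

    // Every creation path is routed through tune(), including the unconnected variant.
    @Override public Socket createSocket() throws IOException {
        return tune(delegate.createSocket());
    }
    @Override public Socket createSocket(String host, int port) throws IOException {
        return tune(delegate.createSocket(host, port));
    }
    @Override public Socket createSocket(String host, int port, InetAddress local, int localPort) throws IOException {
        return tune(delegate.createSocket(host, port, local, localPort));
    }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException {
        return tune(delegate.createSocket(host, port));
    }
    @Override public Socket createSocket(InetAddress host, int port, InetAddress local, int localPort) throws IOException {
        return tune(delegate.createSocket(host, port, local, localPort));
    }
}
```

JNDI picks the factory up from the java.naming.ldap.factory.socket environment property, set to the fully qualified class name. For ldaps:// connections the delegate must be SSLSocketFactory.getDefault() instead, otherwise the socket is created without TLS.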