diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index 319b20396e6ed234a4b76cc202f05bd73bd0a7ca..3cc267347f9295a07c9567bd4cb596555f7016dc 100644
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -137,6 +137,35 @@ int connections_shutdown(void)
 	return 0;
 }
 
+/*
+ * Timeout idle connections.
+ */
+int connections_timeout_idle(time_t now)
+{
+	int i = 0;
+	int connindex;
+	Connection* c;
+
+	ldap_pvt_thread_mutex_lock( &connections_mutex );
+
+ 	for( c = connection_first( &connindex );
+		c != NULL;
+		c = connection_next( c, &connindex ) )
+	{
+		if( difftime( c->c_activitytime+global_idletimeout, now) < 0 ) {
+			/* close it */
+			connection_closing( c );
+			connection_close( c );
+			i++;
+		}
+	}
+	connection_done( c );
+
+	ldap_pvt_thread_mutex_unlock( &connections_mutex );
+
+	return i;
+}
+
 static Connection* connection_get( ber_socket_t s )
 {
 	/* connections_mutex should be locked by caller */
diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c
index eb26b8feded137a5058ee9e6029907d0e708c733..b80ec9c62b9d50970f7ec2d034f375c700c34417 100644
--- a/servers/slapd/daemon.c
+++ b/servers/slapd/daemon.c
@@ -330,8 +330,13 @@ slapd_daemon_task(
 		ber_socket_t i;
 		int ns;
 		ber_socket_t nfds;
-		int ebadf = 0;
 #define SLAPD_EBADF_LIMIT 10
+		int ebadf = 0;
+
+#define SLAPD_IDLE_CHECK_LIMIT 4
+		time_t	last_idle_check = slap_get_time();
+		time_t	now;
+
 
 		fd_set			readfds;
 		fd_set			writefds;
@@ -346,6 +351,12 @@ slapd_daemon_task(
 		char	*client_name;
 		char	*client_addr;
 
+		if( global_idletimeout > 0 &&
+			difftime( last_idle_check+global_idletimeout, now ) < 0 )
+		{
+			connections_timeout_idle(now);
+		}
+
 		FD_ZERO( &writefds );
 		FD_ZERO( &readfds );
 
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index dba1e5debea7a5c65407842f04cf72c61d4106b0..58e92c964ab0db4ba5474c9153fee75a4d8297fc 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -128,6 +128,7 @@ int read_config LDAP_P(( char *fname ));
 int connections_init LDAP_P((void));
 int connections_shutdown LDAP_P((void));
 int connections_destroy LDAP_P((void));
+int connections_timeout_idle LDAP_P((time_t));
 
 long connection_init LDAP_P((
 	ber_socket_t s,