We had an issue with Sun Directory Proxy Server (DPS) recently. The IDLE connections kept building up and we needed to bounce the DPS once in a while. This is to prevent the server from running out of file descriptors.
It took us quite a while to identify what had gone wrong. The F5 load-balancer was wrongly configured by the customer's system administrators.
For any enterprise load-balancer, there should be a monitor for LDAP servers. One should not use the standard TCP health check to validate the health of LDAP servers.
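As an added illustration (not from the original post, and not F5's monitor code), this Python sketch shows what a protocol-aware LDAP check does that a bare TCP connect does not: it binds, reads the result code, and sends an unbind before closing. It assumes the directory permits anonymous simple binds; the function names are hypothetical.

```python
import socket

# RFC 4511 messages, BER-encoded by hand (constructed for this example).
# BindRequest: messageID 1, version 3, empty DN, empty simple password (anonymous).
BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")
# UnbindRequest: messageID 2. Tells the server the LDAP session is over.
UNBIND_REQUEST = bytes.fromhex("30050201024200")


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated BER element")
    return tag, value, pos + length


def bind_result_code(reply):
    """Extract resultCode from an LDAPMessage carrying a BindResponse."""
    tag, message, _ = read_tlv(reply, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(message, 0)       # skip messageID
    tag, response, _ = read_tlv(message, pos)
    if tag != 0x61:                        # [APPLICATION 1] = BindResponse
        raise ValueError("not a BindResponse")
    _, code, _ = read_tlv(response, 0)     # ENUMERATED resultCode
    return int.from_bytes(code, "big")


def ldap_health_check(host, port=389, timeout=3.0):
    """True only if the server answers an anonymous bind with success (0)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                sock.sendall(BIND_REQUEST)
                # A BindResponse is small; one recv is assumed to hold it all.
                return bind_result_code(sock.recv(4096)) == 0
            finally:
                sock.sendall(UNBIND_REQUEST)  # always end the LDAP session
    except (OSError, ValueError, IndexError):
        return False
```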
We found 2 good articles: