Hi Rob,
Scott is spot on. We (CA Directory DSA) do not send message to client application when a connection reaches user idle time value. What you will notice is that the WARN log of the DSA, reporting a timeout message.
I just tested this by
* setting 'set user-idle-time = 60;' via DXconsole of my test dsa (NOTE: Time is in seconds so that is 1 minute).
* Connected to it via JXplorer LDAP browser as an 'anonymous' user.
* Left it alone for 2+ minutes and checked the warn log, which showed:
[12] 20190515.093943.009 WARN : Idle association 1 ( - ) timed out after 61 seconds
As you can see, on 61st second that connection was dropped as 'Idle association' as the user-idle-time I had configured was 60 seconds.
Hope this helps.
Cheers,
Hitesh