LdapAuth 2.2 with API key and failover support

Just before the summer break we released LdapAuth 2.2, the embeddable Connect2id product for simple user authentication and provisioning over the web using JSON-RPC 2.0.

The new version introduces support for API key access control as well as specifying multiple backend LDAP servers for failover and load-balancing purposes.

API keys

API keys are a popular method for controlling client access to a web service. LdapAuth 2.2 enables administrators to specify a set of API keys to grant access to selected methods, such as user.auth and user.get. Other methods meant for public use or methods that don’t carry sensitive information may be exempted from the API key requirement.

The API keys complement the previously available access control choices based on whitelisted client IPs, HTTPS security and X.509 client certificates.

LDAP server failover + load-balancing

LdapAuth enables customers to take advantage of replicated LDAP backends, for the purpose of LDAP server failover or load-balancing.

If you specify an LDAP server set you can choose between two server selection modes – failover and round-robin:

  1. Select FAILOVER to instruct LdapAuth to attempt to establish connections to the LDAP servers in the order they are provided. If the first server is unavailable, then it will attempt to connect to the second, then to the third and so on.

  2. Select ROUND-ROBIN to instruct LdapAuth to use a round-robin algorithm to select the LDAP server to which the connection should be established. Any number of servers may be included in the set and each request will attempt to retrieve a connection to the next server in the list, circling back to the beginning of the list as necessary. If a server is unavailable when an attempt is made to establish a connection to it, then the connection will be established to the next available server in the list.
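
The two selection modes described above can be modelled in a few lines to see how each behaves during an outage. This is an added example, not LdapAuth's own code: the `ServerSet` class, the `connect` callable, the host names and the rule that the round-robin cursor advances by one per request are all assumptions made for illustration.

```python
class ServerSet:
    """Illustrative model of FAILOVER / ROUND-ROBIN selection (not LdapAuth code)."""

    def __init__(self, servers, mode, connect):
        if mode not in ("FAILOVER", "ROUND-ROBIN"):
            raise ValueError(f"unknown selection mode: {mode}")
        if not servers:
            raise ValueError("server set is empty")
        self.servers = list(servers)
        self.mode = mode
        self.connect = connect  # hypothetical: callable(server), raises OSError if down
        self._next = 0          # round-robin cursor (assumed: +1 per request)

    def get_connection(self):
        n = len(self.servers)
        start = 0               # FAILOVER always starts at the first server
        if self.mode == "ROUND-ROBIN":
            start = self._next
            self._next = (self._next + 1) % n
        errors = []
        for i in range(n):      # walk the list once, wrapping around
            server = self.servers[(start + i) % n]
            try:
                return server, self.connect(server)
            except OSError as e:
                errors.append(f"{server}: {e}")
        raise ConnectionError("no LDAP server available: " + "; ".join(errors))


def demo():
    """Run both modes against a constructed outage of the first server."""
    down = {"ldap1.example.com"}  # constructed sample data
    def fake_connect(server):
        if server in down:
            raise OSError("connect timed out")
        return object()           # stands in for a live connection
    servers = ["ldap1.example.com", "ldap2.example.com", "ldap3.example.com"]
    fo = ServerSet(servers, "FAILOVER", fake_connect)
    rr = ServerSet(servers, "ROUND-ROBIN", fake_connect)
    return ([fo.get_connection()[0] for _ in range(3)],
            [rr.get_connection()[0] for _ in range(4)])
```

With the first server down, failover sends every request to the second server, and round-robin sends the second server the dead server's share on top of its own, so replicas should be sized with that skew in mind.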

The connect timeout setting enables you to specify the precise timeout in milliseconds for LDAP connect requests. If it is set to zero, LdapAuth will default to a suitable timeout value.

You can download an evaluation copy of LdapAuth from our product downloads page. No registration is required for that.