New monitoring and metrics for LDAP authentication

Keeping a close eye on performance and suspicious behaviour is indispensable when operating a critical enterprise service such as Single Sign-On (SSO) and Identity Provisioning (IdP).

The latest 3.2 release of the LdapAuth microservice adds a couple of JSON calls for DevOps to monitor LDAP authentication and the underlying infrastructure.

  • Usage monitoring -- Get comprehensive statistics about successful and failed (due to bad credentials) authentication requests. Also, metrics on the requests that failed to an internal error, e.g. the LDAP backend directory being unavailable. Enables DevOps engineers to measure service level and to spot potential attacks, such as attempts to brute force passwords.

  • LDAP connection pool monitoring -- Get detailed statistics about the pool of LDAP connections to the backend directory. Enables DevOps engineers to adjust the connection pool parameters for best performance.

Example usage stats:

{ "successfulAuthRequests" : { "m15_rate"  : 9.772683175949774E-7,
                               "m5_rate"   : 2.2680419495899147E-12,
                               "m1_rate"   : 2.4311455595109375E-48,
                               "count"     : 1,
                               "mean_rate" : 0.0000756265600749685,
                               "units"     : "events\/second" },
  "badAuthRequests"        : { "m15_rate"  : 0.0,
                               "m5_rate"   : 0.0,
                               "m1_rate"   : 0.0,
                               "count"     : 0,
                               "mean_rate" : 0.0,
                               "units"     : "events\/second" },
  "serverErrors"           : { "m15_rate"  : 0.0,
                               "m5_rate"   : 0.0,
                               "m1_rate"   : 0.0,
                               "count"     : 0,
                               "mean_rate" : 0.0,
                               "units"     : "events\/second" } }

LdapAuth is a micro-service for authenticating and provisioning users from an LDAP / Active Directory. Lightweight and flexible, it integrates nicely into web / mobile / cloud apps, or with with our Connect2id server for OpenID Connect Single Sign-On (SSO) and Identity Provisioning (IdP).

To get the latest version go to our downloads section.

Questions? Get in touch with Connect2id support.