PingOne

LDAP gateway health endpoints

To monitor the health of a running Lightweight Directory Access Protocol (LDAP) gateway client, you can configure the gateway client to expose HTTP endpoints that return metrics indicating the health of the application.

Enable the probes for an LDAP gateway client running in a Docker container.

Before you begin

Make sure:

  • You added an LDAP gateway and are ready to start the gateway instance in a Docker container.

  • If you have a valid gateway credential, have it ready. Alternatively, you can create a new credential on the Overview tab in the gateway details. Learn more in Creating or revoking a gateway credential.

  • Docker is installed and the Docker Engine is running.

Steps

  1. Start the gateway instance in a Docker container and add the following parameter to the Docker command:

    -e SPRING_PROFILES_ACTIVE=enableProbes
  2. At a command prompt, run the Docker command.

URL and port

The LDAP gateway client exposes the following HTTP endpoints on port 8080 inside the Docker container. These endpoints are included in the default SpringBoot health endpoints. Learn more about SpringBoot health endpoints in the Spring documentation.

  • /actuator/health

  • /actuator/health/ldap

  • /actuator/health/pingOne

Response body

When a GET request is made to the /actuator/health endpoint, the application responds with a JSON object detailing the overall status and the status of various components, including the LDAP gateway and PingOne described below:

  • "status": "UP": Indicates all components are healthy.

  • "status": "DOWN": Indicates at least one component is unhealthy.

To get the status of a specific component, add the component’s name to the URL.

LDAP server connection status

When a GET request is made to the /actuator/health/ldap endpoint, the following JSON object is returned when the gateway client is connected to the LDAP server:

 {
    "status": "UP",
    "details": {
      "numberOfActiveConnectionsInGenericPool": 1,
      "spaceLeftInGenericPool": 99,
      "maximumPossibleConnectionsInGenericPool": 100,
      "numberOfActiveConnectionsInBindPool": 1,
      "spaceLeftInBindPool": 99,
      "maximumPossibleConnectionsInBindPool": 100
   }
 }

The following statuses are returned:

  • "status": "UP": Indicates the gateway client is connected to the LDAP server.

  • "status": "DOWN": Indicates the gateway client isn’t connected to the LDAP server.

The following table provides more information on the status of the connection pools the gateway client manages:

Property Description

maximumPossibleConnectionsInGenericPool

Maximum possible connections allowed in the generic connection pool.

numberOfActiveConnectionsInGenericPool

The number of active connections in use by the gateway client to handle LDAP requests.

spaceLeftInGenericPool

The number of available connections left in the generic pool.

maximumPossibleConnectionsInBindPool

Maximum possible connections allowed in the bind connection pool.

numberOfActiveConnectionsInBindPool

The number of active connections in use by the gateway client to handle LDAP bind requests.

spaceLeftInBindPool

The number of available connections left in the bind pool.

PingOne connection status

When a GET request is made to the /actuator/health/pingOne endpoint, the following JSON object is returned when the gateway client is connected to PingOne:

 {
   "status": "UP",
   "details": {
   "numberOfActiveConnections": 4
   }
 }

The following statuses are returned:

  • "status": "UP": Indicates the gateway client has at least one active WebSocket connection to PingOne.

  • "status": "DOWN": Indicates the gateway client doesn’t have any active WebSocket connections to PingOne.

The following table provides more information on the gateway client’s connection status to PingOne:

Property Description

numberOfActiveConnections

The number of active WebSocket connections to PingOne.

The gateway client maintains WebSocket connections to each available region in the PingOne environment’s geography.

For example:

  • us-east

  • us-west

The gateway client should always have at least one active connection to be considered healthy.