LDAP authentication | Strata Docs

Overview

Maverics requires the following information for LDAP authentication providers.

Field	Description
Name	A friendly name for your LDAP service.
URL	The URL of the LDAP server that Maverics connects with.
Service Account Username	The username used to connect to the LDAP server.
Service Account Password	The password used to connect to the LDAP server.
Base DN	Specifies the location in which to perform the LDAP search.
OUD Search Key	Key to filter on during query and bind operations.
Authentication Search Scope Optional	Provide the attribute you want to use for looking up user and group data. You can select from baseObject, singleLevel, or wholeSubtree.
Login URL Optional	Set a custom endpoint for posting the user's credentials. If unset, the form is will be submitted to a default location of /.ldap-login. Using the URL When specifying a Login URL, use absolute (full) URL including scheme, hostname, and path to ensure status requests are routed correctly. Always specify custom loginURL value if the Route Pattern in a Proxy app includes a hostname. For example, if the Route Pattern is defined as follows: - api.example.com Then the loginURL value might be: loginURL: https://api.example.com/login
Custom Login HTML Optional	Present a custom page to prompt the user for authentication. It should contain the file system location of an HTML page. If the value is unset a default login page will be used.
CA Optional	The path to your certificate authority when using self signed certs.

Identity Service Health Monitoring

Identity Service Health Monitoring is a feature used as part of Identity Continuity and is available for OIDC, SAML, and LDAP identity services. When enabled, this feature allows the orchestrator to continuously poll the identity service and trigger an alert if it can't be reached. In addition, you can create a manual failover mechanism for break-glass scenarios with the custom health check endpoint capability.

You will need to configure Identity Service Health Monitoring for each identity service used in your continuity strategy.

When this feature is enabled, the following fields can be configured:

Name	Description	Example
Polling Frequency	The interval between each health check of the identity service. Can be set in seconds, minutes, or hours.	`30s`
Timeout	The maximum wait time for a response. Can be set in seconds, minutes, or hours.	`5s`
Failover Threshold	The number of consecutive negative (down) health check results to trigger a failover.	4
Fallback Threshold	The number of consecutive positive (up) health check results to trigger a fallback.	4
Custom Health Check	Enabling this allows you to override the behavior of monitoring IDP availability. This can be used use custom signals for IDP health or for a break-glass scenario to manually trigger failover and fallback behaviors.
Custom Health Check Endpoint	The endpoint to use for the custom health check. The value must be a fully qualified URL.	`https://example.com/health`
Expected Status Codes	(Optional) The HTTP status codes that the custom health check returns to be considered healthy.	`200, 201`
Response Body Matcher	(Optional) A matcher that verifies the expected value in the response body of a health check.	`'"status": "up"'`