The Okta LDAP Interface (LDAPi) provides an LDAPv3-compatible read-only connection to the Okta Universal Directory, for use by third-party platforms. This article explains how to find Okta system log (syslog) events for LDAPi.
- Okta LDAP Interface (LDAPi)
- System Log (syslog)
The LDAPi works by translating LDAPv3 queries into Okta API GET requests. To perform this type of transaction internally, an Okta User with Read Only Admin permissions performs an LDAP bind, submits the query, and is given the information as a response.
There are three main event types that can be searched in Syslog:
eventType eq "system.ldapi.bind" or eventType eq "system.ldapi.unbind" or eventType eq "system.ldapi.search"
Please note that the above Syslog search string does not return successful LDAPi bind, unbind, or search events, because they are not logged under these event types. Instead, for successful LDAPi queries, Okta Syslog will show the Okta user's successful login, policy evaluation, and logout.
Example search success in Terminal
Example search success in Syslog
Syslog events will only be logged when there is a failure or a non-zero error code as the result. These events are logged to aid in troubleshooting the failure.
Example search failure in Terminal
Example search failure in Syslog
Example bind failure in Terminal
Example bind failure in Syslog
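Because these event types appear only on failure, they can be counted per source when reviewing exported logs. The following is an added example, not Okta's own code: it builds the filter above for the System Log API (`/api/v1/logs`) and flags sources with repeated failed LDAPi binds. The org URL, accounts, addresses, threshold, and the assumption that `actor.alternateId` and `client.ipAddress` are populated on LDAPi events are all constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlencode

# The three LDAPi event types named in this article.
LDAPI_EVENT_TYPES = ("system.ldapi.bind", "system.ldapi.unbind", "system.ldapi.search")

def ldapi_filter():
    """Build the System Log filter expression shown in this article."""
    return " or ".join(f'eventType eq "{t}"' for t in LDAPI_EVENT_TYPES)

def logs_url(org_url, since):
    """System Log API URL carrying the LDAPi filter; org_url is a placeholder."""
    query = urlencode({"filter": ldapi_filter(), "since": since})
    return f"{org_url}/api/v1/logs?{query}"

def _event(event_type, actor, ip, result="FAILURE"):
    # Constructed event using LogEvent field names; real events carry more fields.
    return {"eventType": event_type, "actor": {"alternateId": actor},
            "client": {"ipAddress": ip}, "outcome": {"result": result}}

# Constructed sample data (documentation IP ranges, made-up accounts).
SAMPLE_EVENTS = [
    _event("system.ldapi.bind", "svc-ldap@example.com", "203.0.113.10"),
    _event("system.ldapi.bind", "svc-ldap@example.com", "203.0.113.10"),
    _event("system.ldapi.bind", "svc-ldap@example.com", "203.0.113.10"),
    _event("system.ldapi.search", "svc-ldap@example.com", "203.0.113.10"),
    _event("system.ldapi.bind", "jdoe@example.com", "198.51.100.7"),
    _event("user.session.start", "jdoe@example.com", "198.51.100.7", "SUCCESS"),
]

def repeated_bind_failures(events, threshold=3):
    """Return (actor, ip, count) for sources with >= threshold failed LDAPi binds."""
    counts = Counter()
    for e in events:
        if e.get("eventType") != "system.ldapi.bind":
            continue
        if (e.get("outcome") or {}).get("result") != "FAILURE":
            continue
        actor = (e.get("actor") or {}).get("alternateId", "unknown")
        ip = (e.get("client") or {}).get("ipAddress", "unknown")
        counts[(actor, ip)] += 1
    return sorted((a, ip, n) for (a, ip), n in counts.items() if n >= threshold)

if __name__ == "__main__":
    print(logs_url("https://example.okta.com", "2024-01-01T00:00:00Z"))
    for actor, ip, n in repeated_bind_failures(SAMPLE_EVENTS):
        print(f"{n} failed LDAPi binds: {actor} from {ip}")
```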
