
ejwdc (ejwdc) asked a question.
We're looking into what is causing us to hit org-wide rate limits. One of the areas we're investigating is how the LDAP Interface uses the Okta Management API.
What kind of request patterns are used by the LDAP Interface on the Okta API? It looks like the request pattern here is to fetch all users and for each user fetch its group memberships. If so, the LDAP interface usage of the Okta API will grow linearly with the number of Okta users.
How often does the LDAP interface poll? Also, does it throttle its API requests?

Hello @ejwdc (ejwdc)
Thanks for posting.
There are some known issues regarding the LDAP interface and the API.
Querying the memberOf attribute can affect your org rate limits. To avoid rate limit issues, Okta recommends using the group membership attribute uniqueMember. This configuration scales API calls with the number of groups and not the number of users.
When LDAP apps query Okta for users and groups, Okta must be the source of truth if the apps use LDAPi to connect to Okta.
https://help.okta.com/en/prod/Content/Topics/Directory/LDAP-interface-limitations.htm
https://help.okta.com/en/prod/Content/Topics/Directory/LDAP-interface-pagination-control.htm
If you continue to have issues with org-wide rate limits, I suggest you open a support case with our team using the information in the link below: https://help.okta.com/en/prod/Content/Topics/Directory/get-support.htm
Most likely we will need access to the account to check what is happening.
Let us know if this helps you.
Daniela Chavarria.
Okta Inc.
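
To illustrate the uniqueMember recommendation in the answer above, this added example (not part of the original thread and not Okta code) parses the LDIF output of a single group search and inverts it into a per-user membership map, so no per-user memberOf lookup is needed. The DNs, group names and LDIF text are constructed sample data, and lower-casing DNs is a simplified normalization.

```python
import base64
from collections import defaultdict

ALICE = "uid=alice@example.com,ou=users,dc=example,dc=okta,dc=com"
# Constructed LDIF, shaped like the result of one group search that requests
# only cn and uniqueMember. It includes a folded line and a base64 value.
SAMPLE_LDIF = (
    "dn: cn=vpn-users,ou=groups,dc=example,dc=okta,dc=com\n"
    "cn: vpn-users\n"
    f"uniqueMember: {ALICE}\n"
    "uniqueMember: uid=bob@example.com,ou=users,dc=example,\n"
    " dc=okta,dc=com\n"
    "\n"
    "dn: cn=admins,ou=groups,dc=example,dc=okta,dc=com\n"
    "cn: admins\n"
    f"uniqueMember:: {base64.b64encode(ALICE.encode()).decode()}\n"
)

def parse_ldif(text):
    """Yield one {attr: [values]} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entry = defaultdict(list)
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line:
            if entry:
                yield dict(entry)
            entry = defaultdict(list)
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[attr.lower()].append(value.strip())

def groups_by_user(entries):
    """Invert group -> uniqueMember into user DN -> sorted group names."""
    index = defaultdict(set)
    for e in entries:
        for member in e.get("uniquemember", []):
            index[member.lower()].add(e["cn"][0])
    return {dn: sorted(names) for dn, names in index.items()}

MEMBERSHIPS = groups_by_user(parse_ldif(SAMPLE_LDIF))
```
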