Our organization uses Advanced Authentication in combination with Access Manager for step-up authentication. The methods we use are the NetIQ Smartphone app, TOTP, and HOTP. In this configuration, we use Advanced Authentication only for the 'OAuth-based' integration with NetIQ Access Manager, where the user is redirected to the OSP of Advanced Authentication for step-up authentication (using one of the methods mentioned above). As a back-end, we use a clustered eDirectory environment.
We average around 70,000 authentications per day via this 'OAuth-based' integration. We have found that one authentication, for example with TOTP, results in 21 LDAP bind operations on the back-end.
A quick calculation shows that we need to process around 1.4 million bind (query and unbind) operations per day.
When we increase the LDAP trace, we see that many queries for a single authentication (via OSP) are the same or "redundant".
I wonder if others have observed this behavior as well and/or have ideas on how to reduce the load on LDAP back-ends.
This behavior has been observed on version 6.4.2.1, and I am aware that version 6.4.3.2 has been released, but the release notes do not mention any specific improvements regarding the LDAP implementation.
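To put numbers on the "redundant" queries the post describes, the following is an added example (not part of the original post or of the Advanced Authentication product) that counts LDAP operations per connection in a trace and flags two patterns worth raising with the vendor: identical searches repeated within one authentication, and connections that exist only to bind, run a single search and unbind (the bind-per-query pattern a connection pool would remove). The trace line format, the `conn=`/`op=` fields and the sample lines are constructed for illustration; real eDirectory ndstrace or LDAP trace output differs, so `LINE_RE` and `ATTR_RE` would need adapting to it.

```python
"""Count LDAP ops per authentication in a trace and flag redundant work.

Added example. The line format below is constructed (hypothetical) and is not
the real eDirectory trace format; adjust LINE_RE/ATTR_RE for the real output.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: what one OSP step-up authentication might look like
# on the back-end if every lookup opens its own connection.
SAMPLE_TRACE = """\
conn=1 op=0 BIND dn="cn=aauth-svc,o=svc"
conn=1 op=1 SEARCH base="o=users" scope="sub" filter="(cn=jdoe)" attrs="dn"
conn=1 op=2 UNBIND
conn=2 op=0 BIND dn="cn=aauth-svc,o=svc"
conn=2 op=1 SEARCH base="o=users" scope="sub" filter="(cn=jdoe)" attrs="dn"
conn=2 op=2 UNBIND
conn=3 op=0 BIND dn="cn=aauth-svc,o=svc"
conn=3 op=1 SEARCH base="cn=jdoe,o=users" scope="base" filter="(objectClass=*)" attrs="mail,guid"
conn=3 op=2 SEARCH base="cn=jdoe,o=users" scope="base" filter="(objectClass=*)" attrs="mail,guid"
conn=3 op=3 UNBIND
"""

# Hypothetical trace grammar: conn=<n> op=<n> <KIND> key="value" ...
LINE_RE = re.compile(
    r'^conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<kind>BIND|SEARCH|UNBIND)(?: (?P<rest>.*))?$'
)
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_trace(text):
    """Parse trace lines into dicts with conn, op, kind and any key="value" fields."""
    ops = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip trace noise we do not understand
        rec = {"conn": int(m["conn"]), "op": int(m["op"]), "kind": m["kind"]}
        rec.update(dict(ATTR_RE.findall(m["rest"] or "")))
        ops.append(rec)
    return ops


def search_key(rec):
    """Identity of a search: same base, scope, filter and attribute list."""
    return (rec.get("base"), rec.get("scope"), rec.get("filter"), rec.get("attrs"))


def summarize(ops):
    """Operation counts plus the two redundancy indicators for one authentication."""
    kinds = Counter(r["kind"] for r in ops)
    dup = Counter(search_key(r) for r in ops if r["kind"] == "SEARCH")
    # every repeat of an identical search beyond the first is avoidable work
    redundant_ops = sum(n - 1 for n in dup.values() if n > 1)
    per_conn = defaultdict(list)
    for r in ops:
        per_conn[r["conn"]].append(r["kind"])
    # BIND, exactly one SEARCH, UNBIND: a connection opened for a single query
    bind_per_query = [c for c, ks in per_conn.items() if ks == ["BIND", "SEARCH", "UNBIND"]]
    return {
        "binds": kinds["BIND"],
        "searches": kinds["SEARCH"],
        "unbinds": kinds["UNBIND"],
        "redundant_searches": redundant_ops,
        "bind_per_query_connections": sorted(bind_per_query),
    }


def projected_daily(summary, auths_per_day):
    """Scale one authentication's counts to a day, with and without pooling/dedup."""
    pooled_binds = 1 if summary["binds"] else 0  # one pooled bind per authentication
    return {
        "binds_per_day": summary["binds"] * auths_per_day,
        "binds_per_day_pooled": pooled_binds * auths_per_day,
        "searches_per_day": summary["searches"] * auths_per_day,
        "searches_per_day_deduplicated": (summary["searches"] - summary["redundant_searches"]) * auths_per_day,
    }


if __name__ == "__main__":
    s = summarize(parse_trace(SAMPLE_TRACE))
    print(s)
    print(projected_daily(s, 70_000))  # the post's ~70,000 authentications/day
```

Run it against a real trace by replacing `SAMPLE_TRACE` with the captured file and fixing the regexes; the `bind_per_query_connections` list is the direct evidence for a connection-pooling request, and `redundant_searches` for a caching one.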