Log time request spent performing LDAP authentication

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem to solve

Performance problems caused by LDAP are difficult to diagnose. GitLab does not provide any measures on the time spent performing LDAP authentication, leaving the GitLab administrator with little evidence that LDAP may be causing a problem.

Intended users

• Sidney (Systems Administrator)

Further details

The primary benefit is the enablement of fast debugging for LDAP performance issues. GitLab Support and impacted customers may spend days researching these issues before uncovering the root cause, often requiring the use of low-level debugging tools like strace. See ZenDesk ticket # 135950 (internal link) for one example.

Proposal

Logging the time spent on LDAP authorization to /var/log/gitlab/gitlab-rails/api_json.log and /var/log/gitlab/gitlab-rails/production_json.log in the same manner as the view and db values are currently.

Permissions and Security

No permission changes.

Documentation

No documentation changes required.

Testing

Testing will be needed to ensure that the logged durations are accurate.

What does success look like, and how can we measure that?

We should be able to understand what portion of a given request was spent waiting for LDAP authorization at a glance.

What is the type of buyer?

This will be most useful for enterprise customers as they the most common users of GitLab's LDAP integration.

Links / references

/cc @lbot