LDAP: allow multiple servers to be registered
Thus, increasing the availability just in case the main server goes down or something. Bear in mind that this won't make it for the 2.1 release since we have already piled up quite some features for that release (unless someone else steps in of course ;) ).
A few questions I'd like to know the answer to (maybe even have mentioned in an RFC), is what CAP trade-off we should go for with multiple servers? Should we do CP (all servers must have identical records) or AP (any record is good enough when we're checking credentials)? Or should this just be a fallback thing (would this cause problems with users who could authenticate earlier but after the fall-back the different LDAP server is providing different information -- or no information -- about the same user)?
@cyphar My idea was that all LDAP servers have the same (replicated) database. So it doesn't matter which server Portus queries. Fallback (including fallback timeout) is only required when the first server doesn't respond. It is not required when the first server responds but has no entry about the user. It's DNS-resolver-like semantics. I think a multi-domain setup is more complex from the use case side (what-to-do-if ...) to start with...
Maybe one could extend the simple functionality with a config variable controlling when to fall back (if server is not reachable or authentication of user fails). However then we have to deal with a per-team LDAP config including a dedicated LDAP server entry for each team instead of a global one and possibly much more hassle.
Do you prefer another setup than the case of multiple replicated LDAP servers?
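The fallback semantics proposed in the comment above (move to the next server only when one does not respond, never when it responds with a rejection), as an added Ruby sketch that is not Portus code. `FakeLdapServer`, `FailoverAuthenticator`, `sample_servers` and the host names are hypothetical, and the servers are simulated in memory rather than reached through a real LDAP library.

```ruby
require "timeout"

class ServerUnreachable < StandardError; end

# Constructed in-memory stand-in for one LDAP replica (hypothetical class).
class FakeLdapServer
  attr_reader :host, :calls

  def initialize(host, users:, up: true)
    @host, @users, @up, @calls = host, users, up, 0
  end

  def bind(user, password)
    @calls += 1
    raise ServerUnreachable, host unless @up
    @users.key?(user) && @users[user] == password
  end
end

# Hypothetical authenticator: servers are tried in configured order.
class FailoverAuthenticator
  Result = Struct.new(:authenticated, :answered_by, :skipped)

  def initialize(servers, timeout: 2)
    @servers, @timeout = servers, timeout
  end

  def authenticate(user, password)
    skipped = []
    @servers.each do |server|
      begin
        ok = Timeout.timeout(@timeout) { server.bind(user, password) }
        # The first server that answers is authoritative, even for a rejection.
        return Result.new(ok, server.host, skipped)
      rescue ServerUnreachable, Timeout::Error
        skipped << server.host # no answer: try the next replica
      end
    end
    Result.new(false, nil, skipped) # nobody answered: fail closed
  end
end

# Constructed sample: the second replica has drifted and still knows "bob".
def sample_servers(primary_up:)
  [FakeLdapServer.new("ldap1.example.test", users: { "alice" => "s3cret" }, up: primary_up),
   FakeLdapServer.new("ldap2.example.test", users: { "alice" => "s3cret", "bob" => "old" })]
end
```

With the first server up, a login for "bob" is rejected there and the drifted second replica is never consulted; falling back on authentication failure instead would let that stale entry authenticate.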
Is there any new information about this issue?