We’ve got a number of LDAP-enabled NC installs in production. Having failed to RTFM, we’d always assumed configuring a second LDAP server was like a primary/secondary scenario: the first fails, authentication switches to the second one; authentication takes a little longer but works.
Having just had a client outage because their Samba DC configured as primary LDAP source went a bit nuts, we bothered to look into it a bit more (yes, we RTFMed). In there it’s clear that a second LDAP server doesn’t really do anything but might be helpful in an auth migration scenario or for manual failover, and that for failover you need to use the Advanced section.
However, in the Advanced section it talks about a “backup (replica) host” and stresses the importance of it being a replica. Wouldn’t all secondary LDAP hosts be replicas to be useful? Or is this something specific we should be worrying about?