Configuring Secondary LDAP (Failover)

Hello

I would like to configure a secondary LDAP as a Failover. Meaning if the first LDAP doesn’t respond or is not reachable, the secondary LDAP should be used for authentication.

My LDAP configuration looks like following:

    gitlab_rails['ldap_enabled'] = true
 gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
     label: 'LDAP First'
     host: 'fqdnfirstldap.domain.com
     port: 636
     uid: 'uid'
     method: 'ssl' # "tls" or "ssl" or "plain"
     bind_dn: 'cn=user,ou=sysusers,dc=domain,dc=com'
     password: 'password'
     active_directory: false
     allow_username_or_email_login: false
     block_auto_created_users: false
     base: 'ou=people,dc=domain,dc=com'
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
#
   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
     label: 'LDAP Second'
     host: 'fqdlsecondldap.domain.com'
     port: 636
     uid: 'uid'
     method: 'ssl' # "tls" or "ssl" or "plain"
     bind_dn: 'cn=user,ou=sysusers,dc=domain,dc=com'
     password: 'password'
     active_directory: false
     allow_username_or_email_login: false
     block_auto_created_users: false
     base: 'ou=people,dc=domain,dc=com'
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
EOS

The first LDAP works well, but as soon as the server is not reachable anymore (done with hosts file to nonexisting IP), it doesn’t switch over to the secondary LDAP.

What am I doing wrong? Is it meant to be configured as kind of failover? If not, what’s the use of defining a secondary LDAP?

Thank you in advance for the help!