2.2.1 Using More Than One LDAP User Store

You can configure Identity Server to search more than one user store during authentication.

Figure 2-1 Multiple LDAP Directories

It is assumed that each LDAP directory contains different users. Ensure that the users have unique names across all LDAP directories.

If both directories contain a user with an identical name, the name and password information discovered in the search of the first directory is always used for authentication. You can specify the search order when configuring the authentication method.
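A check for the uniqueness requirement above, as an added example that is not part of the product documentation: it compares LDIF exports of each user store, listed in search order, and reports names that appear in more than one store, with the store whose credentials would be used listed first. It assumes the user naming attribute is cn and that names match case-insensitively; the sample exports, store names and DNs are constructed.

```python
import base64
from collections import defaultdict

# Constructed sample LDIF exports; store names and DNs are hypothetical.
STORE_A = """dn: cn=jsmith,ou=users,o=corp
cn: jsmith

dn: cn=mlopez,ou=users,o=corp
cn: mlopez
"""
STORE_B = """dn: cn=JSmith,ou=people,dc=partner,dc=example
cn:: SlNtaXRo

dn: cn=akhan,ou=people,dc=partner,
 dc=example
cn: akhan
"""

def ldif_values(ldif_text, attr):
    """Yield each value of attr, handling folded lines and base64 ("attr:: ...")."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:   # RFC 2849 continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if rest.startswith(":"):            # base64-encoded value
            yield base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            yield rest.strip()

def find_shadowed_users(stores, attr="cn"):
    """stores: list of (store_name, ldif_text) in search order.
    Returns {name: [stores in search order]} for names found in more than one store."""
    seen = defaultdict(list)
    for store_name, ldif_text in stores:
        # A set per store, so repeats inside one store are not counted as collisions.
        for value in {v.casefold() for v in ldif_values(ldif_text, attr)}:
            seen[value].append(store_name)
    return {name: found for name, found in seen.items() if len(found) > 1}

if __name__ == "__main__":
    stores = [("Store A", STORE_A), ("Store B", STORE_B)]
    for name, found in find_shadowed_users(stores).items():
        print(f"{name}: credentials taken from {found[0]}; shadowed in {', '.join(found[1:])}")
```

Any name this reports should be renamed in one directory before both stores are added to the authentication method.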

When users are added to the configuration store, objects are created for Access Manager profiles. If you delete a user from the LDAP directory, orphaned objects for that user remain in the configuration store.

If you add a secondary Administration Console and you have added replicas to the user store of the primary Administration Console, ensure that you also add the replicas to the secondary Administration Console.

All user stores that you add are included in health checks. If health problems occur, the system displays the user store on the Health page and in the trace log file.