- When the configuration specifies an LDAP URL whose DNS name resolves to multiple IP addresses, keep trying the remaining IPs if the first one fails or times out, instead of denying access outright (which causes builds to fail).
- Even when the LDAP URL's DNS name resolves to a single IP address, retrying the connection would still help in the case of a temporary network issue or an LDAP server performance problem. Ideally the timeout and retry behavior would be configurable.
Where the DNS name ldap.americas.mycompany.com returns multiple IP addresses, such as:
Currently, Artifactory tries to connect to the first IP, but if that LDAP server is down, unresponsive, or unreachable, it appears that the authentication request fails immediately, without retrying, even when the other LDAP server IPs are alive and well. This typically shows up as seemingly random build failures whenever one of the LDAP servers is offline. For instance: [ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy (default-deploy) on project
Reliability could be improved by trying, in sequence, each of the IP addresses returned by DNS until a responsive server is found, and/or including a configurable retry/timeout mechanism.
Granted, there are some potential workarounds, such as creating a separate LDAP configuration in Artifactory for each LDAP server IP, using a GSLB, or using a floating IP for LDAP, but many other tools and services automatically try each IP returned by DNS, so that is the behavior many users expect.
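As an added illustration of the sequential-failover-with-bounded-retry behavior proposed above (example code written for this report, not Artifactory's own implementation; the hostname, addresses, and function names are assumptions): the resolver collects every address DNS publishes for the name, and the connector walks them in order, retrying each a limited number of times before moving on, and fails closed only after all of them are exhausted. The connector is injectable so the example runs offline against constructed addresses; in real use the returned socket would carry the LDAP bind.

```python
import socket
import time
from typing import Callable, List, Sequence, Tuple

# Hypothetical names for this example; not Artifactory's code or configuration.
Address = Tuple[str, int]
Connector = Callable[[Address, float], object]


class LdapUnavailable(Exception):
    """Raised only after every resolved address has failed: the caller still
    denies access (fail closed), but only once no server could be reached."""


def resolve_all(hostname: str, port: int = 389) -> List[Address]:
    """Return every (ip, port) pair DNS publishes for the name, de-duplicated
    in resolver order, so a round-robin record set yields all its members
    rather than just the first one."""
    seen, result = set(), []
    for _family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(
            hostname, port, type=socket.SOCK_STREAM):
        ip = sockaddr[0]
        if ip not in seen:
            seen.add(ip)
            result.append((ip, port))
    return result


def tcp_connect(addr: Address, timeout: float) -> socket.socket:
    """Default connector: plain TCP connect with a bounded timeout, so an
    unresponsive server cannot hold the authentication request indefinitely."""
    return socket.create_connection(addr, timeout=timeout)


def connect_with_failover(addresses: Sequence[Address],
                          connect: Connector = tcp_connect,
                          timeout: float = 3.0,
                          attempts_per_address: int = 2,
                          backoff: float = 0.5):
    """Try each address in turn, retrying transport failures a bounded number
    of times per address, and return (connection, address) for the first
    server that answers. Only transport errors (refused, unreachable, timed
    out) trigger failover; an LDAP 'invalid credentials' result after a
    successful connect is a definitive answer and must not be retried here."""
    errors = []
    for addr in addresses:
        for attempt in range(1, attempts_per_address + 1):
            try:
                return connect(addr, timeout), addr
            except OSError as exc:  # socket.timeout is a subclass of OSError
                errors.append((addr, attempt, repr(exc)))
                if attempt < attempts_per_address:
                    time.sleep(backoff * attempt)
    raise LdapUnavailable(errors)


def make_stub_connector(failing_ips):
    """Offline stand-in for tcp_connect: refuses the given IPs, accepts the
    rest, and records every attempt so the failover order can be checked."""
    calls: List[Address] = []

    def connect(addr: Address, timeout: float):
        calls.append(addr)
        if addr[0] in failing_ips:
            raise OSError("connection refused")
        return "conn-to-%s:%d" % addr

    return connect, calls


# Constructed sample data standing in for resolve_all("ldap.americas.mycompany.com").
SAMPLE_ADDRESSES = [("10.0.0.11", 389), ("10.0.0.12", 389), ("10.0.0.13", 389)]


def demo(failing_ips=("10.0.0.11",)):
    """First server down, second up: returns the second address and the
    attempt log [.11, .11, .12], i.e. two tries on the dead server, then failover."""
    connect, calls = make_stub_connector(set(failing_ips))
    _conn, chosen = connect_with_failover(SAMPLE_ADDRESSES, connect, backoff=0)
    return chosen, calls


if __name__ == "__main__":
    print(demo())
```

Two practical points for a real implementation: the worst-case latency is addresses × attempts × timeout, so the per-connection timeout should be sized so the whole sequence finishes inside the client's request deadline; and the failover must stay on the transport layer, because replaying a bind that the directory already rejected against every other replica both leaks nothing useful and multiplies account-lockout counters.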