How can the User Store for CA Identity Manager be set to fail over to a secondary LDAP store? When the primary LDAP goes down, CA Identity Manager does not fail over to the secondary LDAP. What is the best way to solve or overcome this?
CA Identity Manager failover for user stores does not switch over to a secondary LDAP fast enough, even when both LDAP stores are correctly defined in the Directory.xml file. The best way to overcome this is to set the DSA router to point to the primary and secondary DSA through CA Directory. This will handle failover correctly and will not have any impact when the primary goes down. To set this up correctly, please follow this doc:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/ca-directory-concepts/directory-distribution-and-routing/dsas-with-same-prefix.html
Failover is the ability of a router DSA to continue to service queries even when a data DSA becomes unavailable. If the router detects that a DSA has failed, it resends outstanding requests to another DSA that serves the same partition, making the failure invisible to clients. During normal operation, the standby DSA is kept synchronized with the primary data DSA in case it is needed. Failover is important for systems requiring high availability and reliability.