Multiple LDAP URLs results in 500 error page in Tanzu Kubernetes Grid Integrated (TKGI) tile


Article ID: 298607


Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

In Tanzu Kubernetes Grid Integrated (TKGI) 1.6, LDAPBindVerifier was added to the TKGI tile to check whether the specified LDAP server exists and the provided credentials are valid.

Unfortunately, this verifier works only with a single LDAP URL, although TKGI supports multiple LDAP servers when the URLs are space-separated.

When multiple LDAP URLs are entered, saving the UAA tab will result in an error page with a message similar to below:

 



Environment

Product Version: 1.6+

Resolution

The TKGI tile verifiers can be turned off by calling the Operations Manager (Ops Manager) API.

 

1. Get the UAA_ACCESS_TOKEN to communicate with the Ops Manager API:

uaac target https://OPS-MAN-FQDN/uaa --skip-ssl-validation
uaac token owner get
uaac contexts
export UAA_ACCESS_TOKEN=<record_access_token>

2. Turn off the LDAPBindVerifier by calling the Ops Manager API.
 

Reference: TKGI Granular Verifier Control 
 

curl "https://OPS-MAN-FQDN/api/v0/staged/products/PKS-PRODUCT-GUID/verifiers/install_time/LDAPBindVerifier" \
-X PUT \
-H "Authorization: Bearer $UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "enabled": false }' 


3. Check if the LDAPBindVerifier was turned off:

curl "https://OPS-MAN-FQDN/api/v0/staged/products/PKS-PRODUCT-GUID/verifiers/install_time" -X GET -H "Authorization: Bearer $UAA_ACCESS_TOKEN"

{"verifiers":[{"type":"LDAPBindVerifier","enabled":false},{"type":"SsoUrlVerifier","enabled":true}]}


4. Save the UAA tab and Apply Changes.

  • Go back to the UAA tab and save the form. It will still show the same 500 error page but the values entered on the tab will persist properly.
  • Go to the Installation Dashboard and Apply Changes. It will proceed without an error message and multiple LDAP URLs will be persisted in the UAA DB.
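
The check in step 3 can be scripted so that it fails when LDAPBindVerifier is still enabled or when any other install-time verifier was switched off by mistake. This is an added example, not part of the original article or of the Ops Manager tooling; the function name audit_verifiers is hypothetical, and the sample input is the response body shown in step 3.

```python
import json
import sys

INTENDED = "LDAPBindVerifier"  # the only verifier this article turns off

# Response body copied from step 3 of the article.
SAMPLE_RESPONSE = (
    '{"verifiers":[{"type":"LDAPBindVerifier","enabled":false},'
    '{"type":"SsoUrlVerifier","enabled":true}]}'
)


def audit_verifiers(body, intended=INTENDED):
    """Return (ok, findings) for an install_time verifier listing.

    ok is True only when `intended` is disabled and every other
    verifier in the listing is still enabled.
    """
    try:
        verifiers = json.loads(body)["verifiers"]
        state = {v["type"]: v["enabled"] for v in verifiers}
    except (ValueError, KeyError, TypeError) as exc:
        # Covers an HTML error page or any unexpected JSON shape.
        return False, [f"unparseable response: {exc!r}"]

    findings = []
    if intended not in state:
        findings.append(f"{intended} not present in listing")
    elif state[intended] is not False:
        findings.append(f"{intended} is still enabled")
    for name, enabled in sorted(state.items()):
        if name != intended and enabled is not True:
            findings.append(f"unexpected verifier disabled: {name}")
    return (not findings), findings


if __name__ == "__main__":
    # Pipe the step 3 curl output in; with no piped input the sample is used.
    body = SAMPLE_RESPONSE if sys.stdin.isatty() else sys.stdin.read()
    ok, findings = audit_verifiers(body)
    print("OK" if ok else "\n".join(findings))
    sys.exit(0 if ok else 1)
```
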