This article explains how high availability (HA) operates for LDAP authentication in NSX Manager. It also outlines the steps to adjust the priority order of LDAP servers for authentication.
VMware NSX
VMware NSX-T Data Center
NSX Manager allows the configuration of up to three LDAP servers per domain to provide failover support. LDAP server selection follows the order displayed in the UI from top to bottom. For detailed guidance, refer to the technical documentation: LDAP Identity Source.
Any additional LDAP servers that are configured act as standby servers; there is no load balancing across multiple LDAP servers.
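Because the additional servers are only standbys, it is worth confirming that each one is actually reachable before relying on failover. The following is an added example, not VMware code: it walks a server list in the same top-to-bottom order as the UI and reports which enabled server would be reached first. The list shape (`url`, `enabled`), the function names and the hostnames are assumptions, and the probe checks TCP reachability only, not bind credentials or LDAPS certificates.

```python
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def tcp_probe(url, timeout=3.0):
    """Return True if a TCP connection to the LDAP URL's host:port succeeds."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    try:
        with socket.create_connection((parts.hostname, port), timeout=timeout):
            return True
    except OSError:
        return False

def failover_report(servers, probe=tcp_probe):
    """Walk servers top to bottom, as the UI lists them.

    servers: list of dicts with "url" and "enabled" (hypothetical shape).
    Returns (first reachable enabled URL or None, per-server status list).
    Every enabled server is probed so that dead standbys are visible too.
    """
    if len(servers) > 3:
        raise ValueError("NSX Manager allows at most three LDAP servers per domain")
    selected, status = None, []
    for position, server in enumerate(servers, start=1):
        if not server.get("enabled", True):
            state = "disabled"
        elif probe(server["url"]):
            state = "reachable"
            if selected is None:
                selected = server["url"]
        else:
            state = "unreachable"
        status.append((position, server["url"], state))
    return selected, status

# Constructed sample: hostnames are placeholders, not taken from the article.
SAMPLE = [
    {"url": "ldaps://dc1.example.test:636", "enabled": True},
    {"url": "ldaps://dc2.example.test", "enabled": False},
    {"url": "ldap://dc3.example.test", "enabled": True},
]

if __name__ == "__main__":
    chosen, rows = failover_report(SAMPLE)
    for pos, url, state in rows:
        print(f"{pos}. {url}: {state}")
    print("first reachable enabled server:", chosen)
```

A result of `None`, or a list where every standby is `unreachable` or `disabled`, means an outage of the first server leaves no server to fail over to.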
To modify the order of LDAP servers:
1. Press and hold the LDAP server in the UI to rearrange it.
2. Click Apply, then Save the changes.
Additionally, an LDAP server can be disabled through the UI if required during troubleshooting.
NOTE: There is a known issue in NSX 4.1.x where authentication requests are not forwarded to other LDAP servers in the list. This issue is resolved in NSX 4.2.0 or later.
For more details, please refer to the KB article "Intermittent HTTP 503 error response when authenticating NSX-T manager via LDAPS".