The syntax for defining multiple LDAP servers (primary and secondary) in OpenAM is different.
For example, the following 3 areas of OpenAM show varying LDAP configuration settings:
- Access Control > Realm > Services > Policy Configuration
- Access Control > Realm > Data Stores > Datastore
- Access Control > Realm > Authentication > Module Instances > LDAP
It may be preferable to have these settings set out in a consistent way with each other so that secondary LDAP servers (amongst other settings) are allowed to be specified anywhere across OpenAM.
And/or, documentation should appropriately cover the differences between each of the LDAP configuration settings across OpenAM.
One suggestion is to use the current Datastore syntax everywhere since that is the most flexible and makes it possible to create site specific LDAP server configurations which are important in DR setups.