Jenkins / JENKINS-48917

Add option to ignore LDAP domains upon connection failures

    • New Feature
    • Resolution: Fixed
    • Minor
    • ldap-plugin
    • None

      If a user has configured multiple LDAP servers, then any operation (i.e. authentication, user lookup, group lookup) which fails because of a connection failure with a server (bad URL, bad manager password) will fail immediately and not try to use subsequent configurations. I would like an option to ignore communication failures so that operations will be attempted against subsequent configurations.

      For example, assume I have configured 2 LDAP servers in Jenkins which contain the following users:

      • Server1: 1 user: alice
      • Server2: 1 user: bob

      Normally, when attempting to authenticate bob, Jenkins first connects to Server1, checks that bob is not a valid user on that server, and then connects to Server2 and attempts to bind using the supplied credentials. If Server1 is down, then Jenkins is unable to check if bob is a valid user on Server1, and so it aborts. This leaves bob unable to log in until the connection to Server1 is fixed, even though his user is not stored on Server1. This behavior is necessary in case of a configuration such as the following, assuming that alice corresponds to a different user on each LDAP server and should not be considered the same Jenkins user:

      • Server1: 1 user: alice
      • Server2: 1 user: alice

      If I know my LDAP servers have non-overlapping usernames, then I would like the ability to mark those servers as ignorable in the event of a connection failure. Given the first set of servers, marking Server1 as ignorable would mean that bob could log in even if Server1 is unavailable. Servers should not be ignored by default, because of the potential security issue, and the ignore option should clearly explain the risks.
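
The trade-off described in this issue, as an added example that is not part of the original report and not the ldap-plugin's code: a small Python model of ordered multi-server authentication with Server1 down. The `Server` class, the `ignore_if_unavailable` flag name, the passwords, and the rule that a wrong password on the first server that knows the user ends the attempt are all assumptions made for illustration.

```python
from dataclasses import dataclass

class LdapUnavailable(Exception):
    """Connection-level failure (bad URL, bad manager password, server down)."""

@dataclass
class Server:
    name: str
    users: dict                          # username -> password (constructed sample data)
    up: bool = True
    ignore_if_unavailable: bool = False  # hypothetical name for the requested option

    def bind(self, user, password):
        """True/False for a credential check, None if the user is unknown here."""
        if not self.up:
            raise LdapUnavailable(self.name)
        if user not in self.users:
            return None
        return self.users[user] == password

def authenticate(servers, user, password):
    """Try servers in order; return the name of the server that accepted, else None."""
    for s in servers:
        try:
            result = s.bind(user, password)
        except LdapUnavailable:
            if s.ignore_if_unavailable:
                continue   # skipped: we cannot tell whether `user` lives on this server
            return None    # default: abort, later servers are never consulted
        if result is None:
            continue       # user not on this server, try the next one
        return s.name if result else None  # assumption: first server that knows the user decides
    return None

def scenario(users1, users2, ignorable, user, password):
    """Server1 is down in every scenario; only the flag and the user sets vary."""
    s1 = Server("Server1", users1, up=False, ignore_if_unavailable=ignorable)
    s2 = Server("Server2", users2)
    return authenticate([s1, s2], user, password)

if __name__ == "__main__":
    # Non-overlapping usernames: ignoring Server1 only restores bob's login.
    print(scenario({"alice": "a1"}, {"bob": "b2"}, False, "bob", "b2"))
    print(scenario({"alice": "a1"}, {"bob": "b2"}, True, "bob", "b2"))
    # Overlapping usernames: Server2's alice is accepted as Jenkins user "alice",
    # although Server1's alice is a different person who normally takes precedence.
    print(scenario({"alice": "a1"}, {"alice": "a2"}, True, "alice", "a2"))
```

The last scenario is the case that makes the option unsafe as a default: with both servers up, the same credentials are rejected because Server1 answers for `alice` first.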

            dnusbaum Devin Nusbaum