Multiple LDAP URLs for Ranger LDAP authentication

You can configure multiple LDAP URLs, as space-separated values, through the Advanced Configuration Snippet (Safety Valve) for both Ranger Admin (for authentication) and Ranger Usersync (for syncing users).

Cloudera Manager does not let you specify multiple LDAP URLs in the following properties:

  • Admin AD Auth URL (ranger.ldap.ad.url) or Admin LDAP Auth URL (ranger.ldap.url) for Ranger Admin

  • Usersync LDAP/AD URL (ranger.usersync.ldap.url) for Ranger Usersync

To work around this limitation, perform the following steps:
  • For Ranger Admin: Add the ranger.ldap.ad.url or ranger.ldap.url property to the Ranger Admin Advanced Configuration Snippet (Safety Valve) for conf/ranger-admin-site.xml, with the space-separated URLs as its value. For example, ldap://<localhost1>:<port> ldap://<localhost2>:<port> and so on.
  • For Ranger Usersync: Add the ranger.usersync.ldap.url property to the Ranger Usersync Advanced Configuration Snippet (Safety Valve) for conf/ranger-ugsync-site.xml, with the space-separated URLs as its value. For example, ldap://<localhost1>:<port> ldap://<localhost2>:<port> and so on.

This configuration overwrites the property values specified in the ranger.ldap.ad.url or ranger.ldap.url, and ranger.usersync.ldap.url properties in Cloudera Manager. The LDAP provider attempts to use each URL in turn until it is able to create a successful connection. The LDAP provider then sets the Context.PROVIDER_URL property to the successful URL, so that the application can determine which URL is being used.
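Because the provider fails over down the list silently, it is worth checking the value before pasting it into the Safety Valve. The following is an added example, not Cloudera or Ranger code: it validates a space-separated URL list, warns when failover could land on a non-TLS URL, and renders the property element. The host names are constructed, and the `<property>` layout is assumed to be the Hadoop-style form used by the Safety Valve XML view.

```python
from urllib.parse import urlsplit
from xml.sax.saxutils import escape

# Property names as given on this page.
ALLOWED_PROPS = {"ranger.ldap.ad.url", "ranger.ldap.url", "ranger.usersync.ldap.url"}

def check_ldap_urls(value):
    """Split a space-separated URL list; return (urls, warnings). Raise on bad entries."""
    urls, warnings = value.split(), []
    if not urls:
        raise ValueError("no LDAP URL given")
    schemes = set()
    for u in urls:
        parts = urlsplit(u)
        if parts.scheme not in ("ldap", "ldaps"):
            raise ValueError(f"not an ldap:// or ldaps:// URL: {u!r}")
        if not parts.hostname:
            raise ValueError(f"missing host in {u!r}")
        try:
            parts.port  # raises ValueError if non-numeric or out of range
        except ValueError:
            raise ValueError(f"bad port in {u!r}") from None
        schemes.add(parts.scheme)
    if len(set(urls)) != len(urls):
        warnings.append("duplicate URL in list")
    if schemes == {"ldap", "ldaps"}:
        warnings.append("mixed ldap:// and ldaps://: failover can move to a non-ldaps URL")
    elif schemes == {"ldap"}:
        warnings.append("all URLs are ldap:// (cleartext unless StartTLS is configured)")
    return urls, warnings

def safety_valve_snippet(prop, value):
    """Render the <property> element (assumed Safety Valve XML form) plus warnings."""
    if prop not in ALLOWED_PROPS:
        raise ValueError(f"unexpected property: {prop}")
    urls, warnings = check_ldap_urls(value)
    xml = (f"<property>\n  <name>{escape(prop)}</name>\n"
           f"  <value>{escape(' '.join(urls))}</value>\n</property>")
    return xml, warnings

if __name__ == "__main__":
    # Constructed sample value; host names are placeholders.
    xml, warns = safety_valve_snippet(
        "ranger.usersync.ldap.url",
        "ldaps://ldap1.example.com:636  ldap://ldap2.example.com:389")
    print(xml)
    for w in warns:
        print("WARNING:", w)
```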