We'd like to avoid latency from LDAP calls across datacenters, but we need to be able to fail over LDAP to a secondary in case of failure of a primary. Adding a second LDAP server per datacenter will solve this.
Current LDAP servers (running on Ganeti clusters outside Cloud VPS and managed cooperatively with Prod SREs):
- seaborgium.wikimedia.org - EQIAD
- serpens.wikimedia.org - CODFW