Hi, I was posting in another thread, but my findings have not had a reply.
I hope that creating this thread and addressing the findings directly will prompt some nice responses :)

I am referring to the Authentication Server Order located at:
ZCC > Configuration > User Sources > Authentication Servers
I don't believe this Authentication Server Order is being used at all.


We have 3 AD servers in our Connections list:
AD1, AD2, AD3. They are listed in that order. We cannot re-order them.

In our Authentication Server list, for each primary server we only have:
AD1, AD2. In that order.
We have omitted AD3 on purpose as a test.

When doing a check on AD3, AD3 is getting the most ldap lookups from ALL zen servers.
But AD3 is not listed on the Server Authentication list whatsoever!!

So we went onto a Primary server and did :
zman user-source-list-connections our_domain.com
Name | Address | Port | SSL
AD3 | 14x.1xx.xx8.15 | 636 | true
AD2 | 14x.1xx.xx2.66 | 636 | true
AD1 | 14x.1xx.xx2.70 | 636 | true
This lists AD3 first, which is where all the ldap traffic is going.
If we remove AD3 from the connections list, then all traffic starts going to AD2.

So, it appears that it is going bottom-up in the main Connections lists, rather than using any order specified in the Authentication Servers list.

Can anyone confirm this?
This is a real problem on our AD servers.

We need to be able to use the Authentication Servers list to make sure authenitcation requests from specific primary servers go to specific authentication servers. I don't see the point in the Authentication Servers list if it is not being used (i.e. I can re-order the list, moving up and down, but this will have no affect).