Make sure users in a remote office authenticate against the local server.
In a remote office you have a slave and a member server with an app installed. When using the app the member server authenticates through the VPN connection against the master server instead of using the local available slave (or backup) server.
There are ucr variables for this purpose:
Several LDAP servers can be operated in a UCS domain. The primary one is specified with ‘ldap/server/name’. Further servers are automatically managed by a Listener module through this variable.
Several LDAP servers can be operated in a UCS domain. The primary one is specified with this variable. Further servers are specified via ‘ldap/server/addition’.
ucr set ldap/server/name=local.slave-server.com
For failover purpose you should additionally set the master server in case the local server fails:
ucr set ldap/server/addition=main.master-server.com
Note: This authentication is independent from the LDAP synchronization. See this article for details regarding synchronization.