The table cwd_directory_attribute contains connection parameters for user directories. Now, if one enters the following string for attribute name "ldap.url", you obtain the desirable result that users can be authenticated against the secondary LDAP server in case the primary LDAP server is not available (confirmed via authentication tests):

"ldaps://<primary_ldap_dns>:<ldap_port> ldaps://<secondary_ldap_dns>:<ldap_port>"

However, if you attempted to update the URLs via the Web UI, you reach an error page with the following explanation:

Cause
Referer URL: https://<jira_host>/jira/plugins/servlet/embedded-crowd/directories/list
Request processing failed; nested exception is org.springframework.beans.FatalBeanException: Could not copy properties from source to target; nested exception is java.lang.reflect.InvocationTargetException

And the following info in catalina.out:

Caused by: java.lang.NumberFormatException: For input string: "<ldap_port> ldaps://<secondary_ldap_dns>:<ldap_port>"

Apparently, this admin page is incapable of handling multiple servers. I tried different syntaces - to no avail. Btw, we have custom ldap ports, so leaving <ldap_port> off after the <primary_ldap_dns> is not an option.

NB: To duplicate this you need to have an admin user in a local directory and regular users in a directory withe delegated authentication.