Enhance the existing LDAP Realm, or define a new LDAP Realm, to handle failover and a few other features requested by developers on the GF mailing lists. Here are the specific feature requests made by GlassFish developers on the mailing lists:
1. Failover (among a list of replicas/backups).
2. Possibly support a Split-LDAP (where part of the user-db is in one store and part of it is in another). This one would be lower priority for us.
3. Fix the problem with the current LDAPRealm w.r.t. UserSearch and Anonymous Login: http://forums.java.net/node/735641
The LDAP Login Module in the JDK (http://download.oracle.com/javase/6/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/LdapLoginModule.html) supports specifying a list of LDAP URLs, which covers item 1, and developers have indicated that it does not have problem 3 either.
So one approach is to define a new LDAPRealm that makes use of this JDK LDAP Login Module. Feature parity with the existing LDAPRealm in GlassFish will then not be an issue. Such a realm can be provided to developers as a separate download rather than being made part of the GlassFish V3.2 code base.
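The following added example, which is not GlassFish code or part of this proposal, shows how such a realm could drive the JDK LdapLoginModule with a list of replica URLs, using the module's authentication-first mode so that no anonymous search is needed. The host names, base DN, filter, class name and entry name are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

public class LdapFailoverLogin {
    // Hypothetical replicas: the module tries each URL in turn until the
    // first successful connection is established.
    static final String PROVIDERS =
          "ldap://ldap1.example.com:636/ou=people,dc=example,dc=com "
        + "ldap://ldap2.example.com:636/ou=people,dc=example,dc=com";

    static Configuration ldapConfig() {
        Map<String, String> opts = new HashMap<>();
        opts.put("userProvider", PROVIDERS);
        // authIdentity plus userFilter selects authentication-first mode:
        // bind as the user, then search for the entry.
        opts.put("authIdentity", "uid={USERNAME},ou=people,dc=example,dc=com");
        opts.put("userFilter", "(&(uid={USERNAME})(objectClass=inetOrgPerson))");
        opts.put("useSSL", "true"); // the module's default, stated explicitly
        final AppConfigurationEntry entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.LdapLoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    static boolean authenticate(final String user, final char[] password) {
        // An empty password would turn a simple bind into an unauthenticated bind.
        if (password == null || password.length == 0) return false;
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        try {
            new LoginContext("ldap-failover", null, handler, ldapConfig()).login();
            return true;
        } catch (LoginException e) {
            return false; // bad credentials, or no replica could be reached
        }
    }
}
```

The URL list gives connection failover only: once a replica accepts the connection, a failed bind there is final and the next URL is not tried.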