  1. Couchbase Documentation
  2. DOC-6939

Indicate the potential problems associated with using LDAP to authenticate application identities

Details

    • Task
    • Resolution: Unresolved
    • Major
    • 6.6.0
    • 6.5.1
    • admin
    • None
    • DOC-2020-S12-Jun28
    • 1

    Description

      LDAP can be a very convenient way to manage authentication and authorization for human users of the system, but there can be issues configuring the system to authenticate in LDAP for application identities. By "application identities" I mean the identity of the user that's configured to authenticate in Couchbase in the application code.

      We should write a warning or note of some sort in the LDAP docs - the "understanding LDAP authentication and authorization" seems about right. We should say something like the following:

      Note: While LDAP is a convenient way to manage authentication and authorization for human users of Couchbase Server, it is probably not an appropriate way to manage authentication and authorization of application identities that access Couchbase Server for two reasons. First, Couchbase Server needs to access LDAP on initial authentication, which will add extra latency to the connection-establishment sequence that is likely to be undesirable when applications connect to the server. Second, if LDAP is down or the connection to LDAP is unreliable, the system can be effectively unavailable to clients and this increased risk of no availability is also unlikely to be palatable to most application clients.

          People

            tony.hillman Tony Hillman (Inactive)
            dfinlay Dave Finlay