Re: Redundant LDAP Servers - FSSO
How about having one FSSO Collector agent installed on the first DC, asking the local LDAP, plus a second FSSO Collector on the second DC, also asking its local LDAP? Then have those two Collectors in one FSSO Agent setting in FortiGate. So when one Collector becomes unreachable, the second one will be used until it fails as well.
So when the local LDAP on any of the DCs fails, the local Collector will most probably fail as well, as the DC will be in more serious trouble than the Collector not running.
This is the usual scenario for FSSO resilience.