In elytron DirContext there is possibility to provide list of URIs ldap://server1.com:10389 ldap://server2.com:10389. This JDK feature enables failover automatically, if one server is down second is accessed. Elytron authentication context will not be able to provide different user/password pairs for these to servers. Only same user/password for both servers.

It is same limitation as in legacy security solution, because it is limitation of JDK. After writing this down it does not seem to me to be a problem, anymore. Do you agree rhn-support-bmaxwell?