Comment 2 for bug 1812764

The charm configuration option is a direct pass through to the keystone ldap url configuration option which specifies:

"URL(s) for connecting to the LDAP server. Multiple LDAP URLs may be specified
 as a comma separated string. The first URL to successfully bind is used for the
 connection."

This is configured directly in the backend:

[ldap]
url = {{ options.ldap_server }}
user = {{ options.ldap_user }}

So I'm guessing that the fault here lies in whatever failover code exists in keystone and the underlying LDAP library to support failure detection and failover.