We recently lost login ability to the GUI. After logging in with the local account, I was able to determine that it was because the LDAP server we had defined was no longer a domain controller. It would be great if 2 or 3 LDAP servers could be defined per authentication source. That way, if one server is down, the others could back it up.
It was just pointed out to me that we can just list the domain name and it will go out and contact any of the domain controllers. So, sorry, just ignore this.
Just in case someone else stumbles over this: this will always work, as the DNS in an Active Directory domain will always provide DNS round robin for all DCs by the domain name.
But be aware if not all DCs are available from your location or some have a high latency. I have seen an environment where only 2 of 4 DCs were available, which resulted in a bad user experience, as sometimes 2 timeouts were needed before a successful login, slowing down the login for the user significantly!
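
A check for the situation described in the reply above, added here as an example and not part of the original thread: it resolves the domain name and tests which of the returned addresses accept a TCP connection on the LDAP port from the host running it. The function names, the 0.5 s "slow" threshold, `corp.example.com` and the sample addresses are assumptions constructed for illustration.

```python
import socket
import sys
import time

def resolve_dcs(domain, port, resolver=socket.getaddrinfo):
    """Unique addresses the domain name resolves to (AD DNS lists the DCs here)."""
    infos = resolver(domain, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def tcp_probe(addr, port, timeout):
    """TCP connect latency in seconds, or None if no connection within timeout."""
    start = time.monotonic()
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return time.monotonic() - start
    except OSError:  # covers timeouts, refused and unroutable
        return None

def check_domain(domain, port=389, timeout=3.0, slow=0.5,
                 resolver=socket.getaddrinfo, probe=tcp_probe):
    """Sort every resolved address into ok / slow / unreachable from this host."""
    report = {"ok": [], "slow": [], "unreachable": []}
    for addr in resolve_dcs(domain, port, resolver):
        latency = probe(addr, port, timeout)
        if latency is None:
            report["unreachable"].append(addr)
        elif latency > slow:
            report["slow"].append(addr)
        else:
            report["ok"].append(addr)
    return report

# Constructed sample: four addresses, two of which never answer, one answers slowly.
SAMPLE_LATENCY = {"192.0.2.10": 0.004, "192.0.2.11": 0.9,
                  "192.0.2.12": None, "192.0.2.13": None}

def sample_resolver(host, port, type=0):
    return [(socket.AF_INET, type, 6, "", (a, port)) for a in SAMPLE_LATENCY]

def sample_probe(addr, port, timeout):
    return SAMPLE_LATENCY[addr]

if __name__ == "__main__":
    if len(sys.argv) > 1:   # real check: pass your AD domain name as the argument
        result = check_domain(sys.argv[1])
    else:                   # offline run on the constructed sample
        result = check_domain("corp.example.com", resolver=sample_resolver,
                              probe=sample_probe)
    for state, addrs in result.items():
        print(f"{state:12} {', '.join(addrs) or '-'}")
```

Run it from the host that performs the LDAP authentication, since reachability depends on where the connection originates; use port 636 if the authentication source is configured for LDAPS.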