The constructor of DefaultSpringSecurityContextSource requires you to pass a specially formatted string if you want it to use more than one LDAP servers (fail-over scenario). This string format is hard to ensure/ construct from the XML configuration. Instead, it would be easier to pass a List<String> of LDAP URLs and a base DN string.
I've already creates a patch and posted a Gitorious Merge request here: http://git.springsource.org/spring-security/spring-security/merge_requests/3
The summary is this:
I've added a convenience constructor to DefaultSpringSecurityContextSource which takes a List of server URLs and the base DN to construct a provider provider URL that the underlying Spring LDAP understands.
This saves users the hassle of finding out how the provider URL should look like in server fail-over setups. The new constructor takes care of putting everything together in the right order.
Test cases have been included.
I'd be very happy to see this included in trunk.