I noticed an odd behavior in the LDAP provider if multiple directory URLs are given as the value of the PROVIDER_URL (as seen in http://java.sun.com/products/jndi/tutorial/ldap/misc/url.html#MULTI).
Using such a connection if an application attempts to bind with an incorrect password (which naturally results in a bind failure response from LDAP server), the LDAP provider will attempt to reconnect to all of the URLs listed in the PROVIDER_URL.
This seems like a bug. If the first contacted LDAP server returns a result indicating that the password is incorrect, that should be treated as an authoritative answer. There is no reason to query every other listed server, since (assuming they are mirrors of each other as should be expected) they will all return the same answer.