Currently we prompt the admin for an LDAP hostname/port for AD configuration.
This is an issue, since AD administrators don't tend to work in terms of
hostname/port. We should instead prompt for the AD domain. We should even be able to
dispense with the admin username/password if all we are doing is authenticating
users via an LDAP bind.
Kohsuke Kawaguchi's blog has much more detail:
"This allows users to avoid hard-coding LDAP server name, and so they won't need
to update your config as domain controllers come and go. SRV records also return
information about fallback servers and round-robin mechanism (like MX records),
and your program can do the right thing."
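
An added example (not from this issue or the quoted blog) of what prompting for an AD domain implies: derive the `_ldap._tcp.<domain>` SRV name, order the returned servers by priority and weight as RFC 2782 describes, and bind as `user@domain` without a service account. The SRV records are constructed sample data, the function names are hypothetical, and the DNS lookup itself is assumed to be done by whatever resolver the product already uses.

```python
import random
from typing import NamedTuple

class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

# Constructed sample answer for _ldap._tcp.example.com (not real DNS data).
SAMPLE = [
    Srv(0, 100, 389, "dc1.example.com."),
    Srv(10, 0, 389, "dc-dr.example.com."),
    Srv(0, 100, 389, "dc2.example.com."),
]

def srv_query_name(ad_domain):
    """SRV name to query for the LDAP servers of an AD domain."""
    return "_ldap._tcp." + ad_domain.strip().rstrip(".").lower()

def order_servers(records, rng=random):
    """RFC 2782 order: lowest priority first, weighted random within a priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = sorted((r for r in records if r.priority == prio),
                       key=lambda r: r.weight != 0)  # zero-weight entries first
        while group:
            pick = rng.randint(0, sum(r.weight for r in group))
            running = 0
            for i, r in enumerate(group):
                running += r.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return [(r.target.rstrip("."), r.port) for r in ordered]

def bind_principal(username, ad_domain, password):
    """Build the user@domain name for a simple bind made as the user."""
    if not username or not password:
        # An empty password makes a simple bind unauthenticated (RFC 4513),
        # which a server may accept, so it must never count as a login.
        raise ValueError("username and password are required")
    return f"{username}@{ad_domain.strip().rstrip('.').lower()}"

if __name__ == "__main__":
    print(srv_query_name("example.com"))
    for host, port in order_servers(SAMPLE):
        print(f"try ldap://{host}:{port}")
    print(bind_principal("alice", "example.com", "constructed-password"))
```

The login code would try the servers in the returned order and move to the next entry only on a connection failure, not on a failed bind.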