OK, I was probably a bit inaccurate about the algorithm with LDAP lookup. I had the impression that IPA always picks the first value, but it looks like it does have some randomization, but somehow the first entries are chosen more often. I had to run "ipa vault-retrieve" 5-8 times until it finally chose the right IPA server.
While this randomization is better than no randomization at all, I still believe that's suboptimal behavior... When a chosen IPA server fails, it must try another one immediately, instead of failing... I think the role model here is how IPA discovers servers via SRV records or how krb5 discovers KDCs - there is a way to specify preference, but at the same time there is automatic resilience...
Then again, maybe I got this all totally wrong...=)
--- Regards, Dmitry Perets
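
The behaviour asked for in the message above (a configurable preference plus automatic fallback to the next server), sketched as an added example that is not part of the original message and is not IPA's or krb5's code. It orders candidates the way RFC 2782 describes for SRV records and retries on failure; the hostnames, the sample records and `fake_retrieve` are constructed for illustration.

```python
import random

# Constructed SRV-style records: (priority, weight, host). Hostnames are hypothetical.
SAMPLE_SERVERS = [
    (0, 100, "ipa1.example.test"),
    (0, 50, "ipa2.example.test"),
    (10, 100, "ipa3.example.test"),
]


def srv_order(records, rng=random):
    """Order hosts as RFC 2782 describes: lowest priority value first,
    weighted-random within one priority (the configurable preference)."""
    ordered = []
    for prio in sorted({p for p, _, _ in records}):
        # Zero-weight entries go first so they keep a small chance of selection.
        group = sorted(((w, h) for p, w, h in records if p == prio),
                       key=lambda wh: wh[0] != 0)
        while group:
            pick = rng.randint(0, sum(w for w, _ in group))
            running = 0
            for i, (w, h) in enumerate(group):
                running += w
                if running >= pick:
                    ordered.append(h)
                    del group[i]
                    break
    return ordered


def call_with_failover(records, operation, rng=random):
    """Run operation(host) on each host in SRV order and return
    (host, result) from the first server that answers."""
    failed = []
    for host in srv_order(records, rng):
        try:
            return host, operation(host)
        except ConnectionError:
            failed.append(host)  # do not give up: move on to the next candidate
    raise ConnectionError("all servers failed: " + ", ".join(failed))


def fake_retrieve(host, reachable=frozenset({"ipa3.example.test"})):
    """Hypothetical stand-in for a request that only some servers can serve."""
    if host not in reachable:
        raise ConnectionError(host)
    return "secret-from-" + host


if __name__ == "__main__":
    print(call_with_failover(SAMPLE_SERVERS, fake_retrieve))
```

With only the lowest-preference server able to answer, a single call still succeeds because the two preferred servers are tried and skipped first.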