Even though there is a reverse proxy solution [1] to stand up Apache/NGINX to authenticate to multiple LDAP servers and have Gerrit use the authentication from Apache/NGINX, it is not without it's own issues. The most common seems to be the inability to log out [2].
It would be really nice if the Gerrit could try multiple LDAP connections. The gerrit.config could just have multiple [ldap "name"] entries with a searchOrder value that indicates which order to authenticate with and the first match wins.
[auth]
type = LDAP
[ldap "domain-A"]
searchOrder = 1
server = ldap://ldap.example.com:3268
username = binduser
accountBase = OU=UnitA,DC=example,DC=com
groupBase = OU=UnitA,DC=example,DC=com
accountPattern = (sAMAccountName=${username})
accountFullName = displayName
accountEmailAddress = mail
[ldap "domain-B"]
searchOrder = 2
server = ldap://ldap-2.example2.com:3268
username = binduser
accountBase = OU=UnitB,DC=example2,DC=com
groupBase = OU=UnitB,DC=example2,DC=com
accountPattern = (sAMAccountName=${username})
accountFullName = displayName
accountEmailAddress = mail
[1] https://groups.google.com/d/topic/repo-discuss/YZvpqo2BqOY/discussion
[2] https://groups.google.com/d/topic/repo-discuss/7ojGVGE8iSU/discussion