JNDI, which is used by the LDAP connector, always picks up the first keys it finds in the keystore, as documented below:
Client Requirements: This example requires the client to have an X.509 SSL client certificate. Moreover, the certificate must be stored as the first key entry in a keystore file. If this entry is password-protected, it must have the same password as the keystore.
This should be configurable so that the connector only pick up the key specified in the configuration