LDAP is exactly my specialty but I have tinkered with getting Active Directory connections going so I think I can answer your questions.
Yes, it is possible to have multiple LDAP providers defined. Actually, this is possibly already the case, as the local XL Deploy accounts use their own security provider.
What you need to define is a new bean, and multiple can be defined. In the security.xml you then specify which ones to use:
Here the ldapProvider one is the bean that connects to the Active Directory and the jcrAuthenticationProvider one is for XL Deploy's internal users.
Yes, you will need to define your own. Have a look here as to how to do that: https://support.xebialabs.com/entries/38937317-How-to-connect-to-your-ldap-or-active-directory-in-11-steps
Yes you can, this should not be a problem.
As you figured out already, XL Deploy uses the Spring Security Framework, so if you run into issues you can also search for answers related to that.
Hope this helps!
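
The provider list described in the answer above, as an added example that is not part of the original post and not XL Deploy's shipped configuration: two LDAP providers chained ahead of the internal one using standard Spring Security LDAP classes. Hosts, DNs, search bases, the service account and the `ldapServer`, `ldapServerB` and `ldapProviderB` ids are placeholders; the `security:` namespace and the `jcrAuthenticationProvider` bean are assumed to be declared already in the product's security file.

```xml
<!-- Added example: goes inside the existing <beans> root of the security file. -->
<!-- Directory A (Active Directory). ldaps:// keeps bind passwords off the wire in clear text. -->
<bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <constructor-arg value="ldaps://ad.example.com:636/dc=example,dc=com"/>
  <property name="userDn" value="cn=svc-xld,ou=service,dc=example,dc=com"/> <!-- placeholder account -->
  <property name="password" value="CHANGE_ME"/>
</bean>
<bean id="ldapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <constructor-arg ref="ldapServer"/>
      <property name="userSearch">
        <bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
          <constructor-arg value="ou=people"/>              <!-- search base, placeholder -->
          <constructor-arg value="(sAMAccountName={0})"/>   <!-- {0} = login name -->
          <constructor-arg ref="ldapServer"/>
        </bean>
      </property>
    </bean>
  </constructor-arg>
  <constructor-arg>
    <!-- Maps group membership under ou=groups to granted authorities -->
    <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
      <constructor-arg ref="ldapServer"/>
      <constructor-arg value="ou=groups"/>
    </bean>
  </constructor-arg>
</bean>

<!-- Directory B: its own context source; binds directly with a DN pattern, no group lookup -->
<bean id="ldapServerB" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <constructor-arg value="ldaps://ldap-b.example.org:636/dc=example,dc=org"/>
</bean>
<bean id="ldapProviderB" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <constructor-arg>
    <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <constructor-arg ref="ldapServerB"/>
      <property name="userDnPatterns"><list><value>uid={0},ou=people</value></list></property>
    </bean>
  </constructor-arg>
</bean>

<!-- Providers are consulted in the order listed; internal users come last here -->
<security:authentication-manager alias="authenticationManager">
  <security:authentication-provider ref="ldapProvider"/>
  <security:authentication-provider ref="ldapProviderB"/>
  <security:authentication-provider ref="jcrAuthenticationProvider"/>
</security:authentication-manager>
```

Spring Security tries each provider in turn and accepts the first successful authentication, so a username that exists in more than one directory can log in with the credentials of any of them. Keep usernames unique across the chained sources, or limit each provider's search base accordingly.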