https://bugs.openldap.org/show_bug.cgi?id=9543
--- Comment #3 from Julien Wadel julien.wadel@belledonne-communications.com --- The IP is dynamic so this is not a solution. And I don't think that using IP in certificates is something to do. I wrote about the private test server in order to illustrate a way to use. This is the same when using proxies etc. The point is that we cannot explicitly set dns servers in LDAP without changing the environment(I guess). I let you think about all cases where it is needed.
But what is breaking the RFC? The check is still done. LDAP is still checking the IP that it is communicating with the name that it should be own. This is just a easiest way to do where we cannot set a dns server in LDAP (But I maybe wrong on this point)