On Monday, 19 September 2011 02:41:30 Jason_Haar@trimble.com wrote:

(I'm using ldapsearch to dump Active Directory LDAP data via the DNS round-robin entry for the domain name: as such the LDAP host *never* matches the hostname DNS round-robin gives back - and I don't care - I just don't want the network group sniffing my password ;-)

Then your 'Active Directory' servers should have subjectAltName extensions for the DNS round-robin hostname ...