One addition,
- domain name your.corner.of.the.world (for dc=your,dc=corner,dc=of,dc=the,dc=world)
When you serve dc=example,dc=com from a server named ldap.example.com, then you should use ldap.example.com as the domain name, not example.com (as per RFC 6698, Section 3, point 3). Your record will then be "_389._tcp.ldap.example.com. IN TLSA ...".
As indicated, this may not yet be done in client / peer implementations.
-Rick
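As an added example (not from the message above or from any project), this builds the TLSA owner name from the LDAP server's hostname rather than from the naming context, produces the record data for the full-certificate selector, and performs the client-side match the reply says peers may not yet implement. The DER bytes are a constructed stand-in for a real certificate, and the helper names are mine.

```python
import hashlib

# Constructed stand-in for a DER-encoded server certificate (not a real cert).
FAKE_CERT_DER = b"\x30\x82\x01\x00" + bytes(range(256))

def dn_to_domain(naming_context: str) -> str:
    """Map a dc= naming context (e.g. dc=example,dc=com) to its DNS domain."""
    labels = []
    for rdn in naming_context.split(","):
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().lower() != "dc" or not value.strip():
            raise ValueError(f"not a dc= component: {rdn!r}")
        labels.append(value.strip().lower())
    return ".".join(labels)

def tlsa_owner_name(server_host: str, port: int = 389, proto: str = "tcp") -> str:
    """Owner name per RFC 6698 section 3: _<port>._<proto>.<server hostname>.
    The hostname is the one the client connects to, not the naming context's domain."""
    return f"_{port}._{proto}.{server_host.rstrip('.').lower()}."

def tlsa_rdata(cert_der: bytes, usage: int = 3, selector: int = 0, matching: int = 1) -> str:
    """Presentation-format RDATA. Only selector 0 (full certificate) is handled here;
    selector 1 (SubjectPublicKeyInfo) would need DER parsing and is left out."""
    if selector != 0:
        raise NotImplementedError("selector 1 (SPKI) not shown in this example")
    digest = {0: lambda d: d,
              1: lambda d: hashlib.sha256(d).digest(),
              2: lambda d: hashlib.sha512(d).digest()}
    if matching not in digest:
        raise ValueError(f"unknown matching type {matching}")
    return f"{usage} {selector} {matching} {digest[matching](cert_der).hex()}"

def tlsa_record(server_host: str, cert_der: bytes) -> str:
    """Full zone line, e.g. '_389._tcp.ldap.example.com. IN TLSA 3 0 1 <hex>'."""
    return f"{tlsa_owner_name(server_host)} IN TLSA {tlsa_rdata(cert_der)}"

def tlsa_matches(rdata: str, presented_cert_der: bytes) -> bool:
    """Client-side check: recompute the association data for the presented
    certificate and compare it to the published record (selector 0 only)."""
    usage, selector, matching, hexdata = rdata.split()
    expected = tlsa_rdata(presented_cert_der, int(usage), int(selector), int(matching))
    return expected.split()[3] == hexdata.lower()

if __name__ == "__main__":
    # The naming context's domain is NOT the record's owner name.
    print("wrong :", tlsa_owner_name(dn_to_domain("dc=example,dc=com")))
    print("right :", tlsa_record("ldap.example.com", FAKE_CERT_DER))
```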