There is a 4-node cluster with eDir/LDAP, including a replica on each node. As
clients there are a lot of applications which do authentication tasks against
the LDAP. Unfortunately, in most of these applications it is possible to
configure only one LDAP server ...

I have created an LDAP Cluster Resource. This was done by establishing a simple
IP-Address Resource (LDAP_SERVER) and making a DNS A-Record for
ldap.mycompany.com. Because eDir binds to all interfaces, nldap answered
requests to ldap.mycompany.com. Perfect! :-)

But ldaps has the problem that the certificates are wrong, because the answering
host is <nodename>.mycompany.com. And the nodename changes with the cluster
node on which the LDAP resource is running.

So I want to use 'Subject alternative names' in the certificate. Now I have
a certificate for 'ldap.mycompany.com' including the IP address and nodenames.
But how do I assign it to the LDAP service?

Is that the right way to note the OU where the certificate is stored in

Or is there a way to use the 'original' server cert (named in nds.conf) and
add the 'subject alternative names'?
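
As an added example (not part of the original post): a check of which of the names clients connect to are covered by a certificate, using the dict layout that Python's `ssl.SSLSocket.getpeercert()` returns. The node names and the address 192.0.2.10 are constructed placeholders, and the CN fallback models what some clients still do when the certificate carries no dNSName entry.

```python
import ipaddress

def _dns_match(pattern, host):
    """RFC 6125-style match: a wildcard is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def covers(cert, name):
    """True if a verifying client that connects to `name` would accept `cert`."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(name):
        # IP targets are matched only against iPAddress SAN entries, never the CN.
        want = ipaddress.ip_address(name)
        return any(k == "IP Address" and ipaddress.ip_address(v) == want for k, v in sans)
    dns = [v for k, v in sans if k == "DNS"]
    if not dns:  # legacy fallback some clients apply: subject CN, only if no dNSName SAN
        dns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_match(p, name) for p in dns)

def uncovered(cert, names):
    """Names from `names` that the certificate does not cover."""
    return [n for n in names if not covers(cert, n)]

# Constructed sample data: the cluster name, two node names and the resource IP.
CLIENT_NAMES = ["ldap.mycompany.com", "node1.mycompany.com",
                "node2.mycompany.com", "192.0.2.10"]
# Per-node certificate: only the node's own name, no SAN extension.
NODE_CERT = {"subject": ((("commonName", "node1.mycompany.com"),),)}
# Certificate with subject alternative names for every name clients may use.
SAN_CERT = {
    "subject": ((("commonName", "ldap.mycompany.com"),),),
    "subjectAltName": (("DNS", "ldap.mycompany.com"), ("DNS", "node1.mycompany.com"),
                       ("DNS", "node2.mycompany.com"), ("IP Address", "192.0.2.10")),
}

if __name__ == "__main__":
    print("node cert misses:", uncovered(NODE_CERT, CLIENT_NAMES))
    print("SAN cert misses: ", uncovered(SAN_CERT, CLIENT_NAMES))
```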