We need to configure two AD domain controllers/ldap servers behind a load balancer. The certificates for the servers (to allow ldaps) must have a common host name in order for the application server to see the correct cert when it connects.
For the Certs for the DCs we created the following Subjects:
Subject = "CN=AUTH.dom.ORG,OU=DomNTBZ07,O=DOM,C=US,S=state,L=city"
Note that the CN is the DNS name for the load balancer VIP.
The question is whether once the certs are installed whether AD will accept them as appropriate and enable ldap over SSL. We'll know soon