spn alias

Ken Hornstein kenh at cmf.nrl.navy.mil
Sat Mar 8 15:23:29 EST 2025


>> If you are using MIT Kerberos (anything 1.10 or newer) on the         
>> LDAP server, you can use the krb5.conf configuration entry            
>> "ignore_acceptor_hostname" to allow the server to match on any valid  
>> hostname.  See details here:                                          
>
>Hi Ken,
>
>that did it. Thank you. Now we get the ticket through the load balancer.
>But OpenLDAP is complaining that the name of the principal is not
>matching the FQDN.  We will now go the way without the load balancer. We
>will use SRV records.

Hm, _OpenLDAP_ is complaining?  Are you sure?  Like, how does it even know?
Exactly what error are you getting?

--Ken

