David Bargna - I have the same requirement at my customer. Reading this article reminded me to add in the values mentioned in the article (and pasted below) alongside the shared/load-balanced name of ldaps.company.com. As long as this is done properly I don't see this breaking. We made a copy of the Kerberos Authentication template, changed it to "Supply in the request" vs building from AD, then issued a unique cert to each DC.
We know the LDAPs part works via both that shared name (we have a network load-balancer for tcp/636 in front of them) and by the FQDN of each individual DC. As we implement SSO support to on-premises/AD-based resources for Entra ID/cloud-only joined workstations (which are using Entra ID CBA, which btw has the same requirements for Kerberos as old-fashioned, domain-based, Smart Card login to AD), we will know soon if there's any issue there :).
Best regards,
~Andrew
DNS Name=2022DC01.FourthCoffee.com
DNS Name=FourthCoffee.com
DNS Name=FOURTHCOFFEE
DNS Name=ldaps.company.com
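A check for the setup described in this comment, added here as an example and not part of the commenter's post: it connects to each DC on tcp/636 by its own FQDN and once through the load-balanced name, reads the SAN extension of the certificate actually presented, and reports any of the four expected DNS names that are missing. The DC, domain and NetBIOS names are placeholders taken from the pasted list; the parameter names and functions are the example's own.

```powershell
# Added example (not from the original comment). Verifies that the certificate each DC
# presents for LDAPS carries every SAN entry listed above, both when reached directly
# and via the shared load-balanced name. Values below are placeholders for your environment.
$SharedName = 'ldaps.company.com'                # load-balanced LDAPS name
$Domain     = 'FourthCoffee.com'                 # AD DNS domain name (placeholder)
$NetBios    = 'FOURTHCOFFEE'                     # NetBIOS domain name (placeholder)
$Dcs        = @('2022DC01.FourthCoffee.com')     # one entry per domain controller (placeholder)

function Get-LdapsCertificate {
    param([string]$ConnectHost, [string]$ServerName = $ConnectHost)
    $tcp = New-Object System.Net.Sockets.TcpClient($ConnectHost, 636)
    # The validation callback returns $true so the handshake completes even if the chain
    # does not validate on this client; we only want to read the presented certificate here.
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, { $true })
    try {
        $ssl.AuthenticateAsClient($ServerName)   # SNI = the name we expect in the SAN
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $ssl.Dispose(); $tcp.Dispose()
    }
}

function Get-SanDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName
    if (-not $san) { return @() }
    # Format() renders the same "DNS Name=..." text shown in the pasted list above.
    [regex]::Matches($san.Format($false), 'DNS Name=([^,\r\n]+)') |
        ForEach-Object { $_.Groups[1].Value.Trim() }
}

function Test-SanNames {
    param([string]$ConnectHost, [string[]]$Required, [string[]]$OneOf = @())
    $names   = Get-SanDnsNames -Cert (Get-LdapsCertificate -ConnectHost $ConnectHost)
    $missing = @($Required | Where-Object { $names -notcontains $_ })   # DNS names compare case-insensitively
    if ($OneOf.Count -gt 0 -and -not ($OneOf | Where-Object { $names -contains $_ })) {
        $missing += "one of: $($OneOf -join ', ')"
    }
    if ($missing.Count -eq 0) { Write-Host "$ConnectHost : OK ($($names -join ', '))" }
    else { Write-Warning "$ConnectHost : SAN is missing $($missing -join '; ')" }
}

# Direct to each DC: its own FQDN plus the domain, NetBIOS and shared names must all be present.
foreach ($dc in $Dcs) { Test-SanNames -ConnectHost $dc -Required @($dc, $Domain, $NetBios, $SharedName) }
# Through the load balancer: whichever DC answers must carry the shared name and one DC FQDN.
Test-SanNames -ConnectHost $SharedName -Required @($SharedName, $Domain, $NetBios) -OneOf $Dcs
```

Run the last line a few times, since each pass through the load balancer may land on a different DC.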