To help me reproduce and verify this, can you describe your setup where slapd stores its credentials in the KCM?
I'm asking because I do see these denials, but they don't appear to affect operation with a keytab, and I haven't been able to get slapd to work without a keytab. I'm guessing I might be missing an option to kinit (thereby caching insufficient credentials), or something.
(I can cache my own credentials in the KCM, and auth with those, just fine.)
Or from a different angle: does your setup work properly if you aa-complain slapd?
Hi Kartik,
To help me reproduce and verify this, can you describe your setup where slapd stores its credentials in the KCM?
I'm asking because I do see these denials, but they don't appear to affect operation with a keytab, and I haven't been able to get slapd to work without a keytab. I'm guessing I might be missing an option to kinit (thereby caching insufficient credentials), or something.
(I can cache my own credentials in the KCM, and auth with those, just fine.)
Or from a different angle: does your setup work properly if you aa-complain slapd?