Comment 3 for bug 1817955

lincvz (cvuillemez) wrote :

Same error after upgrading krb5 packages from 1.12+dfsg-2ubuntu5.3 to 1.12+dfsg-2ubuntu5.4.

Adding a principal in a subtree outside the realm container fails.

The realm container DN is "cn=TEST.EXAMPLE.COM,cn=krbContainer,dc=example,dc=com"

But the realm has subtree "dc=example,dc=com", with scope = SUB:

# kdb5_ldap_util -D "cn=admin,dc=example,dc=com" -H ldap://ldapserver.example.com view -r TEST.EXAMPLE.COM
               Realm Name: TEST.EXAMPLE.COM
                  Subtree: dc=example,dc=com
              SearchScope: SUB

So I should add a principal anywhere in "dc=example,dc=com", e.g. "ou=People,dc=example,dc=com".