Same error after upgrading krb5 packages from 1.12+dfsg-2ubuntu5.3 to 1.12+dfsg-2ubuntu5.4.
Adding a principal in a subtree outside the realm container fails.
Realm container DN is "cn=TEST.EXAMPLE.COM,cn=krbContainer,dc=example,dc=com"
But realm has subtree "dc=example,dc=com", with scope = SUB:
# kdb5_ldap_util -D "cn=admin,dc=example,dc=com" -H ldap://ldapserver.example.com view -r TEST.EXAMPLE.COM Realm Name: TEST.EXAMPLE.COM Subtree: dc=example,dc=com SearchScope: SUB
So I should add a principal anywhere in "dc=example,dc=com" , e.g. "ou=People,dc=example,dc=com" .
Same error after upgrading krb5 packages from 1.12+dfsg- 2ubuntu5. 3 to 1.12+dfsg- 2ubuntu5. 4.
Adding a principal in a subtree outside the realm container fails.
Realm container DN is "cn=TEST. EXAMPLE. COM,cn= krbContainer, dc=example, dc=com"
But realm has subtree "dc=example, dc=com" , with scope = SUB:
# kdb5_ldap_util -D "cn=admin, dc=example, dc=com" -H ldap:// ldapserver. example. com view -r TEST.EXAMPLE.COM
Realm Name: TEST.EXAMPLE.COM
Subtree: dc=example,dc=com
SearchScope: SUB
So I should add a principal anywhere in "dc=example,dc=com" , e.g. "ou=People, dc=example, dc=com" .