Kerberos + LDAP question

Pascal Jakobi pascal.jakobi at
Thu Apr 30 09:08:23 EDT 2015

I have setup a KDC and an openldap server. Both seem to work like a 
charm and are linked (krb5-server-ldap package).
Only a small issue remains. Not sure this is not a limitation in the server.

Here is what I see.

1/ If I create a principal in kadmin.local, "/*addprinc 
test1 at JAKOBI.FR*/", the corresponding principal is stored in the realm 
subtree in the directory.
2/ If I create a principal in kadmin.local with its LDAP DN, "/*addprinc 
-x dn="uid=test2,ou=people,dc=jakobi,dc=fr*//*" test2 at JAKOBI.FR*/", the 
DN entry is updated with the kerberos info stuff (principal name, etc.) 
- which is fine. However, the principal does not seem to be created in 
the directory, but rather on the KDC.

Is this the expected behaviour ?
If so, should I update manually, the DN and the principal entry by hand 
in the Directory ?

Thanks in advance

Pascal Jakobi <mailto:pascal.jakobi at>
116 rue de Stalingrad
93100 Montreuil, France
Tel : +33 6 87 47 58 19

More information about the krbdev mailing list