
I'm trying to create a principal linked to an LDAP object according to the MIT documentation. This is my LDAP structure:

(image: LDAP STRUCTURE)

Once I've created the UID object in the LDAP ou=people,dc=domain,dc=com (cn=nano,dc=people,dc=domain,dc=com), when I try to add the principal with the linkdn attached I receive:

kadmin.local:  add_principal -x linkdn=uid=nano,ou=people,dc=domain,dc=com nano

NOTICE: no policy specified for nano@DOMAIN.COM; assigning "default"
Enter password for principal "nano@DOMAIN.COM":
Re-enter password for principal "nano@DOMAIN.COM":

add_principal: DN is out of the realm subtree while creating "nano@DOMAIN.COM".

I've been looking for a solution on the internet and all I've found is a bug report.

The YaST User and Group manager is able to create the user and to create a principal linked to it through the UserKerberosPlugin.

Does anybody know what I could have misconfigured?

EDIT: I noticed that it does not recognize any subtree:

dc01:~ # kdb5_ldap_util -r DOMAIN.COM -H ldapi:/// -D "cn=Manager,dc=domain,dc=com" -W view
Password for "cn=Manager,dc=domain,dc=com":
               Realm Name: DOMAIN.COM

So, I tried to submit it to the Kerberos database:

dc01:~ # kdb5_ldap_util -r DOMAIN.COM -H ldapi:/// -D "cn=Manager,dc=domain,dc=com" create -subtrees "ou=people,dc=domain,dc=com" -sscope 2
Password for "cn=Manager,dc=domain,dc=com":
Initializing database for realm 'DOMAIN.COM'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
kdb5_ldap_util: Already exists while creating realm 'DOMAIN.COM'

Why could this be happening?

Thank you so much. Kind Regards.

DRI

1 Answer


Finally I solved this by destroying the database and creating it again.

kdb5_ldap_util destroy -r DOMAIN.COM
kdb5_ldap_util -r DOMAIN.COM -H ldapi:/// -D "cn=Manager,dc=DOMAIN,dc=com" create -subtrees "ou=people,dc=DOMAIN,dc=com" -sscope 2
kdb5_ldap_util -r DOMAIN.COM -H ldapi:/// -D "cn=Manager,dc=domain,dc=com" -W view
DRI
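The "DN is out of the realm subtree" error above is raised when the requested linkdn does not fall under any subtree the realm was created with (the -subtrees list) at the configured search scope (-sscope). The following is an added example, not code from the question, the answer or MIT Kerberos: a simplified Python model of that check, which assumes DN components compare case-insensitively, that sscope 1 means one level below a subtree and sscope 2 means any depth below it, and that a realm with no subtrees configured accepts no linkdn at all.

```python
"""Simplified model of the realm-subtree check behind kadmin's
"DN is out of the realm subtree" error. Illustrative only, not MIT
Kerberos code: real DN normalisation (escaping, multi-valued RDNs,
per-attribute matching rules) is more involved than this."""
import re


def split_dn(dn):
    """Split a DN into normalised RDN strings, most specific first.
    Splits only on unescaped commas; attribute types and values are
    lower-cased (assumption: dc/ou/uid values use case-ignore matching)."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, _, value = part.partition('=')
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns


def dn_in_subtree(dn, subtree, sscope):
    """True if `dn` lies strictly below `subtree` for the given scope:
    sscope 1 = one level (direct child only), sscope 2 = whole subtree."""
    dn_rdns = split_dn(dn)
    sub_rdns = split_dn(subtree)
    if len(dn_rdns) <= len(sub_rdns):
        return False                       # must be strictly below the subtree
    if dn_rdns[-len(sub_rdns):] != sub_rdns:
        return False                       # suffix does not match the subtree
    depth = len(dn_rdns) - len(sub_rdns)
    return depth == 1 if sscope == 1 else True


def realm_accepts_linkdn(linkdn, subtrees, sscope):
    """A linkdn is accepted if it falls under any configured subtree.
    In this model an empty subtree list (what the `view` output on the
    page showed) accepts nothing."""
    return any(dn_in_subtree(linkdn, s, sscope) for s in subtrees)


LINKDN = "uid=nano,ou=people,dc=domain,dc=com"   # DN from the question

if __name__ == "__main__":
    # no subtrees configured: rejected, as in the question
    print(realm_accepts_linkdn(LINKDN, [], 2))                             # -> False
    # subtree from the answer, scope 2: accepted despite the case difference
    print(realm_accepts_linkdn(LINKDN, ["ou=people,dc=DOMAIN,dc=com"], 2))  # -> True
    # base DN with one-level scope: uid=nano is two levels down, rejected
    print(realm_accepts_linkdn(LINKDN, ["dc=domain,dc=com"], 1))           # -> False
```

The third case is the caveat worth checking before recreating a realm: a subtree that looks right can still reject entries when -sscope is 1 rather than 2.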