I do not think so, but I may not fully understand what "subtree" implies.
The realm was initially created with a command equivalent to: kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees dc=example,dc=com -r TEST.EXAMPLE.COM -s -H ldap://ldapserver.example.com with user entries like: dn: uid=testuser,ou=People,dc=example,dc=com I explicitly added the ou=People,dc=example,dc=com with "kdb5_ldap_util ... modify -subtrees ...", but that did not help. Setting sscope to 2 also did nothing. I can add a principal without specifying dn, but that leads to an entry like: dn: [email protected],cn=TEST.EXAMPLE.COM,cn=krb5,dc=example,dc=com -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1817955 Title: Getting new "DN is out of the realm subtree" error on adding principal To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1817955/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
