IBM Support

How to resolve Unknown code krb5 7 Kerboros error during command line LDAP search

Troubleshooting


Problem

When executing an LDAP Search command to query Microsoft Active Directory to list mailboxes on a Microsoft Exchange Server a Kerberos Unknown code krb5 7 error will be generated if no reverse DNS is established for the domain.

Symptom

Unknown code krb5 7 Kerboros error is produced during LDAP search from command line

Cause

The GSSAPI which is used with Kerberos requires that a reverse DNS be defined in the domain. GSSAPI resolves the reverse DNS of the IP address to which it's connecting and uses that.

Environment

Linux

Diagnosing The Problem

When executing an kinit and LDAP search command such as

#kinit user@example.com


#ldapsearch -Q -LLL -h <fully_qualified_Active_Directory_server_hostname> -b "dc=<domain>,dc=com" "(&(&(&(mailnickname=*)(mail=*))(&(objectCategory=person)(objectClass=user)))(msExchHomeServerName=*))" mail
the Unknown code krb5 7 Kerboros error is produced.

Resolving The Problem

Configure a Reverse DNS Lookup definition using the Active Directory DNS Manager application.

[{"Product":{"code":"SSDTG7","label":"IBM eDiscovery Identification and Collection"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"StoredIQ Platform","Platform":[{"code":"PF006","label":"CentOS"}],"Version":"7.5.1;7.5.0.2;7.5.0.1","Edition":"All Editions","Line of Business":{"code":"LOB10","label":"Data and AI"}},{"Product":{"code":"SSSHEC","label":"StoredIQ"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSDUBN","label":"Policy Assessment and Compliance"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
17 December 2020

UID

swg21681940

Page Feedback