On 24/06/2022 09:32, Serge Krawczenko via FreeIPA-users wrote:
> ldapsearch operates properly with `hostname` but not localhost
> With localhost I'm getting
> GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Server ldap/localhost@<REALM> not found in Kerberos database)
> Any actions needed to enable ldap/localhost principal
> This is for better understanding rather than practical use.
ldapsearch constructs the Kerberos principal name based on 'ldap' and the hostname you specify. Think of it this way: ldap/server1, ldap/server2 are separate identities within a Kerberos realm.
So, when told to connect to 'localhost' ldapsearch is very simply going to try to authenticate to ldap/localhost, which wouldn't exist in a normal Kerberos realm. As indeed, it doesn't in yours as shown by the error message.
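The name construction described in the reply above can be modelled offline. This is an added example, not part of the original thread and not ldapsearch's own code. The `klist -k` sample, host name and realm are constructed, the function names are hypothetical, and it assumes the simple case with no DNS canonicalization of the host name.

```python
from urllib.parse import urlparse

# Constructed sample of `klist -k` output; keytab path, host and realm are made up.
SAMPLE_KLIST = """\
Keytab name: FILE:/tmp/example.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 ldap/ipa1.example.test@EXAMPLE.TEST
   1 HTTP/ipa1.example.test@EXAMPLE.TEST
"""

def parse_principals(klist_output):
    """Return the set of principal names listed by `klist -k`."""
    principals = set()
    for line in klist_output.splitlines():
        fields = line.split()
        # Entry lines look like "<kvno> <service>/<host>@<REALM>".
        if len(fields) == 2 and fields[0].isdigit() and "@" in fields[1]:
            principals.add(fields[1])
    return principals

def target_principal(uri, realm, service="ldap"):
    """Build service/host@REALM from the host part of an LDAP URI."""
    host = urlparse(uri).hostname
    if not host:
        raise ValueError(f"no host in {uri!r}")
    return f"{service}/{host}@{realm}"

def check(uri, realm, principals):
    """Return (principal, exists) for the identity a client would request."""
    spn = target_principal(uri, realm)
    return spn, spn in principals

def usable_hosts(principals, service="ldap"):
    """Host names for which a principal of the given service exists."""
    hosts = set()
    for p in principals:
        name, _, _realm = p.partition("@")
        svc, _, host = name.partition("/")
        if svc == service and host:
            hosts.add(host)
    return sorted(hosts)

if __name__ == "__main__":
    known = parse_principals(SAMPLE_KLIST)
    for uri in ("ldap://ipa1.example.test", "ldap://localhost"):
        spn, ok = check(uri, "EXAMPLE.TEST", known)
        print(f"{uri:28} -> {spn:40} {'found' if ok else 'NOT found'}")
    print("hosts with an ldap/ principal:", usable_hosts(known))
```

The `localhost` URI maps to `ldap/localhost@EXAMPLE.TEST`, which is absent from the list, matching the "not found in Kerberos database" error in the question.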