> Are you receiving the service principal ticket for the ldap server (e.g.
> ldap/<hostname>@REALM)?
I am receiving krbtgt/<hostname>@REALM
>
> The error you're receiving is possibly due to the AD/mit/kerberos
> interaction rather than cyrus. I had success troubleshooting a 'packet too
> large', or something similar, once with wireshark. That was with Heimdal and
> AD. I ended up forcing Heimdal to use TCP when talking to the AD server. In
> /etc/krb5.conf:
>
> [realms]
>     EXAMPLE.NET = {
>         kdc = tcp/ad.example.net
>         kdc = ad.example.net
>         admin_server = ad.example.net
>     }
>
> - Dan
>
I have this working perfectly on a CentOS 5.2 system with kernel
2.6.18 using OpenLDAP 2.3.27, cyrus-sasl 2.1.22, and krb5 1.6.1
without any additional configuration.
It could certainly have something to do with Linux versus AIX or
OpenLDAP 2.3.27 versus 2.4.12 or krb5 1.6.1 versus 1.6.3.