In our experience, the all CAPS domain name can cause problems. The entire FQDN needs to be lowercase to work properly. Warmest regards, Jason Trupp Symas Corporation/Evolveum MidPoint Support Engineer – Trainer (855) LDAP-GUY -----Original Message----- From: Cyrus-sasl [mailto:cyrus-sasl-bounces+jtrupp=symas.com@xxxxxxxxxxxxxxxxxxxx] On Behalf Of Jaap Winius Sent: Friday, April 14, 2017 4:54 AM To: Dieter Klünter Cc: cyrus-sasl@xxxxxxxxxxxxxxxxxxxx Subject: Re: Server ldap/localhost@xxxxxxxxxxx not found in Kerberos database Quoting Dieter Klünter <dieter@xxxxxxxxxxxx>: >> slapd[1668]: GSSAPI Error: Unspecified GSS failure. \ >> Minor code may provide more information \ >> (Server ldap/localhost@xxxxxxxxxxx not found in Kerberos database) > [...] > > The slapd user must be able to read the relevant keytab. Already covered: I do that by giving the openldap group read access to it. Otherwise, /etc/hostname is okay, 'hostnamectl status' gives the same, there's nothing weird in /etc/hosts and the DNS forward and reverse records give all the same answers. Cheers, Jaap