Cause: This error is generated in eDirectory. The user_FDN object does not exist.
Cause: This error is generated in eDirectory. The Kerberos principal name is not attached to the user object (userdn).
Cause: This error is generated in eDirectory. The realm object does not exist.
Cause: Not enough memory to perform the specific operation.
Cause: The token from the client is defective or invalid.
Cause: This error is generated in NMAS and is an internal error.
Cause: The LDAP service principal name is invalid.
Cause: The LDAP service principal object is not created.
Cause: The realm object’s master key is changed.
Cause: The LDAP service principal object was not found in the subtree of the realm to which it belongs.
Cause: The time is not synchronized among the client, the KDC, and the eDirectory servers.
Cause: The key of the LDAP service principal was changed in the Kerberos database, but not updated in eDirectory.
Cause: The encryption type is not supported.
Cause: The user FDN provided by the client is not valid.
Cause: The Kerberos principal name is not attached to a user object under the subtree.
Cause: More than one user object under the subtree is associated with the same principal.
Cause: The cause might be a key version mismatch between the LDAP service principal on the KDC server and the LDAP service principal on the eDirectory server. Every time you extract the LDAP service principal key to the keytab file, the key version number is incremented.
Action:
Complete the following procedure:
1. Update the key in the eDirectory server so that the version numbers are in sync.
2. Destroy the tickets at the client.
3. Get the TGT again for the principal.
4. Perform the LDAP SASL bind operation.
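
The key version mismatch described above can be confirmed before the key is updated. The following is an added example, not part of the eDirectory documentation: it compares the key version listed by `klist -k` for a keytab with the version the KDC reports through `kvno`. The principal name, keytab path, and sample output are constructed, and it assumes the inspected keytab is the one whose key was loaded into eDirectory.

```shell
#!/bin/sh
# Constructed sample data in MIT Kerberos output layout; names are placeholders.
PRINCIPAL='ldap/edir1.example.com@EXAMPLE.COM'
SAMPLE_KLIST='Keytab name: FILE:/tmp/ldap.keytab
KVNO Principal
---- ------------------------------------------------------------
   2 ldap/edir1.example.com@EXAMPLE.COM
   3 ldap/edir1.example.com@EXAMPLE.COM
   5 host/edir1.example.com@EXAMPLE.COM'
SAMPLE_KVNO='ldap/edir1.example.com@EXAMPLE.COM: kvno = 4'

# Highest key version held for principal $1, from `klist -k` text on stdin.
keytab_kvno() {
    awk -v p="$1" '
        $1 ~ /^[0-9]+$/ && $2 == p && (!seen || $1 + 0 > max) { max = $1 + 0; seen = 1 }
        END { if (!seen) exit 1; print max }'
}

# Key version the KDC currently issues for $1, from `kvno <principal>` text on stdin.
kdc_kvno() {
    awk -v p="$1" '
        $1 == (p ":") && $2 == "kvno" && $3 == "=" { print $4 + 0; found = 1; exit }
        END { if (!found) exit 1 }'
}

# compare_kvno PRINCIPAL KLIST_TEXT KVNO_TEXT
# Returns 0 when in sync, 1 on mismatch, 2 when the principal is missing.
compare_kvno() {
    kt=$(printf '%s\n' "$2" | keytab_kvno "$1") ||
        { echo "no keytab entry for $1"; return 2; }
    kdc=$(printf '%s\n' "$3" | kdc_kvno "$1") ||
        { echo "no KDC key version for $1"; return 2; }
    if [ "$kt" -eq "$kdc" ]; then
        echo "in sync: kvno $kt"
    else
        echo "mismatch: keytab kvno $kt, KDC kvno $kdc"
        return 1
    fi
}

# Demo on the constructed samples. Against a live realm (a TGT is required):
#   compare_kvno "$PRINCIPAL" "$(klist -k /path/to/ldap.keytab)" "$(kvno "$PRINCIPAL")"
compare_kvno "$PRINCIPAL" "$SAMPLE_KLIST" "$SAMPLE_KVNO" || true
```

A mismatch here means the key was extracted again after the copy in the keytab was made, so the key in eDirectory must be updated before the bind is retried.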