KB001218 - How to setup Kerberos configuration to allow delegation to the LDAP server

This article has been archived, and/or refers to legacy products, components or features. The content in this article is offered "as is" and will no longer be updated. Archived content is provided for reference purposes only. This content does not imply that the product, component or feature is supported, or that the product, component or feature will continue to function as described herein.


It is possible in a K2 distributed environment to configure Kerberos to allow delegation to the LDAP server by following the configuration steps below:

Step 1 - On the Domain Controller browse to Administrative Tools > Active Directory Users and Computers.

Step 2 - Locate the K2 Service Account user, right-click it and select “Properties”.

Step 3 - Select the “Delegation” tab and then click on the “Add” button.

Step 4 - Click on the “Users or Computers...” button, type in the name of the Domain Controller machine and click OK.

Step 5 - Locate and select the two “ldap” service types and click OK.

Step 6 - Check that the K2 Service Account user now has permission to these services.

Important: When SETSPN -l DOMAIN\ServiceAccount is run, these 2 protocols will NOT be listed under the user's details. The SPNs already exist, and the user is only granted rights to use them; they are not explicitly created against this user's account.
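
One way to perform the Step 6 check from PowerShell, given that SETSPN will not show the delegated ldap services: the delegation targets are stored in the account's msDS-AllowedToDelegateTo attribute. This is an added example, not part of the original K2 article; the function name Test-LdapDelegation and the account, host and domain names are hypothetical, and the sample object is constructed so the block runs without a domain.

```powershell
# Added example, not from the original article. All names below are constructed.
function Test-LdapDelegation {
    param(
        [Parameter(Mandatory)] $Account,          # object exposing the AD attributes used below
        [Parameter(Mandatory)] [string] $DcName   # short or fully qualified Domain Controller name
    )
    $short = $DcName.Split('.')[0]
    # msDS-AllowedToDelegateTo holds the services added on the "Delegation" tab
    $targets = @($Account.'msDS-AllowedToDelegateTo')
    # Keep ldap/<host>[...] entries whose host part is this Domain Controller
    $ldap = @($targets | Where-Object {
        $parts = "$_".Split('/')
        $parts[0] -ieq 'ldap' -and $parts.Count -ge 2 -and
            ($parts[1].Split(':')[0].Split('.')[0] -ieq $short)
    })
    [pscustomobject]@{
        Account            = $Account.SamAccountName
        LdapTargets        = $ldap
        # Anything else the account may delegate to; review that each entry is still needed
        OtherTargets       = @($targets | Where-Object { $_ -and ($ldap -notcontains $_) })
        # Expected to be False: the ldap SPNs are registered to the DC, not to this account
        LdapInOwnSpns      = [bool](@($Account.servicePrincipalName) -like 'ldap/*')
        # True means the account is trusted for delegation to any service, broader than Step 5
        Unconstrained      = [bool]$Account.TrustedForDelegation
        ProtocolTransition = [bool]$Account.TrustedToAuthForDelegation
        # Step 5 selects two ldap services, so at least two entries are expected
        Pass               = ($ldap.Count -ge 2)
    }
}

# Constructed sample standing in for the output of:
#   Get-ADUser -Identity 'svc-k2' -Properties 'msDS-AllowedToDelegateTo',
#       servicePrincipalName, TrustedForDelegation, TrustedToAuthForDelegation
$sample = [pscustomobject]@{
    SamAccountName             = 'svc-k2'
    'msDS-AllowedToDelegateTo' = @('ldap/DC01.example.local', 'ldap/DC01', 'http/web01.example.local')
    servicePrincipalName       = @('HTTP/app01.example.local')
    TrustedForDelegation       = $false
    TrustedToAuthForDelegation = $false
}
Test-LdapDelegation -Account $sample -DcName 'DC01.example.local' | Format-List
```

Against a live domain, pass the Get-ADUser result shown in the comment as -Account; this requires the ActiveDirectory PowerShell module.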