------------------------------------------------------------------------ r22710 | ghudson | 2009-09-03 16:41:56 -0400 (Thu, 03 Sep 2009) | 10 lines ticket: 6557 subject: Supply canonical name if present in LDAP iteration target_version: 1.7.1 tags: pullup In the presence of aliases, LDAP iteration was supplying the first principal it found within the expected realm, which is not necessarily the same as the canonical name. If the entry has a canonical name field, use that in preference to any of the principal names. https://github.com/krb5/krb5/commit/db83dc990bd338aa803e042b0816af640062fb08 Commit By: tlyu Revision: 23634 Changed Files: U branches/krb5-1-7/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c