The iManager plug-in for SASL-GSSAPI will not work if iManager is not configured to use SSL/TLS connection to eDirectory. A secure connection is mandated to protect the realm's master key and principal keys.
By default, iManager is usually configured for SSL/TLS connection to eDirectory. You need to add the SSL trusted root certificates of the LDAP server that you use for Kerberos administration to iManager.
For information on configuring iManager with SSL/TLS connection to eDirectory, refer to the NetIQ iManager 2.7 Administration Guide.
Complete the following procedures in the order given:
When you merge two trees, either or both configured with the SASL-GSSAPI method, you need to manually create all the Kerberos objects that are in the source tree in the target tree.