Active Directory: What connects the KDC's principals to LDAP entries?

active-directory ldap kerberos

In Active Directory, what connects the KDC's principals to their corresponding LDAP entries? For example, my KC principal might be 

Name[/Instance]@REALM
john/[email protected]

and my LDAP entry might be:

dn: cn=john,dc=company,dc=com
objectclass: somewhere

but how does Active Directory "connect" the two? SRV records? For example, when I log in (i.e., use Kerberos), how does AD match my Kerberos principal to my LDAP entry?

UPDATE: This MSDN article comes close to answering the question, but doesn't clearly explain the flow: "The Key Distribution Center (KDC) is implemented as a domain service. It uses the Active Directory as its account database and the Global Catalog for directing referrals to KDCs in other domains.. The KDC for a domain is located on a domain controller, as is the Active Directory for the domain. Both services [ sic? probably meant the 3 services of Kerberos: AS, TGS, and password reset ] are started automatically by the domain controller's Local Security Authority (LSA) and run as part of the LSA's process."


Solution 1:

An ldap attribute called SPN (service provider name) the primary being HOST

Related

Forwarding from A Record's IP Address
Unable to export VM from Hyper-V
Docker MySQL - You must set environment variables but it is set already
Since VFRC feature in VMware is now end of lifed, what can I replace it with?
Ansible won't connect via SSH
Configure multiple search suffix domains in Unifi Security Gateway (dhcp option 119 domain search)
Why does my HP Proliant DL380 G6 only use 6 out of 12 physical cores when my HyperV VM is under load?
Apache Web Server Aliasing for multiple url giving 404
Customize web form script generation
Global int variable objective c
Get java version number from python
Deleted files status unreliably reported in the new Google Drive Android API (GDAA)