diff --git a/inventory/local/group_vars/all/all.yml b/inventory/local/group_vars/all/all.yml
index 53e7cbd..8ade83f 100644
--- a/inventory/local/group_vars/all/all.yml
+++ b/inventory/local/group_vars/all/all.yml
@@ -4,7 +4,7 @@
 ldap_setup: true
 kerberos_setup: true
 sssd_setup: true
-domain: "linux.example.local"
+domain: "linux.gstwdt.local"
 openldap_linux: '{{ domain.split(".")[0] | lower }}'
 openldap_org: '{{ domain.split(".")[1] | lower }}'
diff --git a/roles/kerberos/files/blksmanager b/roles/kerberos/files/blksmanager
index b86f1cd..a05b883 100755
--- a/roles/kerberos/files/blksmanager
+++ b/roles/kerberos/files/blksmanager
@@ -67,8 +67,8 @@ done
 function add_to_ldap ()
 {
-ldapadd -h $HOST_IP -D "cn=$ADMIN, $ldapDN" -w $ADMIN_PASS << EOF
-dn: uid=$USERNAME,cn=sudobase,cn=Workers,ou=SUDOers,dc=$DC1,dc=$DC2,dc=$DC3
+ldapadd -h $HOST_IP -D "cn=$ADMIN,$ldapDN" -w $ADMIN_PASS << EOF
+dn: uid=$USERNAME,cn=sudobase,cn=Workers,ou=SUDOers,$ldapDN
 objectClass: top
 objectClass: posixAccount
 objectClass: inetOrgPerson
@@ -84,6 +84,12 @@ gecos: $USERNAME
 loginShell: /bin/bash
 homeDirectory: /home/$USERNAME
 EOF
+ldapmodify -h $HOST_IP -D "cn=$ADMIN,$ldapDN" -w $ADMIN_PASS << EOF
+dn: cn=sudobase,cn=Workers,ou=SUDOers,$ldapDN
+changetype: modify
+add: sudoUser
+sudoUser: $USERNAME
+EOF
 }
 function add_kerberos ()
@@ -99,7 +105,15 @@ kadmin.local -q "ktadd -norandkey -k $KEYTAB $USERNAME@$UPPER_DOMAIN"
 function del_ldap_kerberos ()
 {
-ldapdelete -h $HOST_IP -x -D "cn=$ADMIN,dc=$DC1,dc=$DC2,dc=$DC3" "uid=$USERNAME,cn=sudobase,cn=Workers,ou=SUDOers,dc=$DC1,dc=$DC2,dc=$DC3" -w $ADMIN_PASS
+ldapdelete -h $HOST_IP -x -D "cn=$ADMIN,$ldapDN" "uid=$USERNAME,cn=sudobase,cn=Workers,ou=SUDOers,$ldapDN" -w $ADMIN_PASS
+
+ldapmodify -h $HOST_IP -D "cn=$ADMIN, $ldapDN" -w $ADMIN_PASS << EOF
+dn: cn=sudobase,cn=Workers,ou=SUDOers,$ldapDN
+changetype: modify
+delete: sudoUser
+sudoUser: $USERNAME
+EOF
+
 kadmin.local -q "delete_principal $USERNAME@$UPPER_DOMAIN"
 kdestroy
 }
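Review bot: `$USERNAME` is expanded unescaped into the new `dn:` line and the rest of the unquoted heredoc in add_to_ldap, so a value containing `,`, `+`, `=`, `\` or a newline changes the DN or adds further LDIF attributes instead of being stored as a plain name; `$ADMIN` in the bind DN has the same exposure. A whitelist check before any of the ldap* calls, e.g. `[[ "$USERNAME" =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "invalid username: $USERNAME" >&2; return 1; }`, also covers the ldapmodify bodies added in the two following hunks, which interpolate the same variable. add_to_ldap's body continues past the end of this hunk.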
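Review bot: The added ldapmodify passes `-w $ADMIN_PASS` on the command line, so the directory admin password is readable by any local user through the process list for the duration of the call; the ldapadd and ldapdelete lines in the neighbouring hunks share the problem. Reading it from a mode-0600 file with `-y "<password file>"` (a new variable would be needed) or prompting with `-W` keeps it out of argv, and the variable should be quoted in any case. ldapdelete passes `-x` but neither this ldapmodify nor ldapadd does, so depending on the client build they may attempt a SASL bind rather than the simple bind the `-D`/`-w` pair suggests — worth making consistent. The exit status is also unchecked: `add: sudoUser` is rejected when the user is already listed, yet the function reports success; `ldapmodify ... << EOF || return 1` would surface that.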
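Review bot: The new ldapmodify bind DN `"cn=$ADMIN, $ldapDN"` keeps the space after the comma that the rest of this commit removes (`"cn=$ADMIN,$ldapDN"` in ldapdelete and in add_to_ldap), and the `@@ -168` hunk defines `ldapDN="dc=$DC1, dc=$DC2, dc=$DC3"` with spaces as well, so the DNs sent on the delete path differ textually from those on the add path; OpenLDAP's DN parser is generally tolerant of this, but defining `ldapDN="dc=$DC1,dc=$DC2,dc=$DC3"` and using one spelling removes the doubt. Ordering and error handling matter here too: the user entry is deleted before its sudoUser reference is removed, and none of the ldap or kadmin.local calls is checked, so a rejected `delete: sudoUser` (it fails when the value is absent) leaves a dangling sudoUser value while the function still returns success. Removing the sudoUser value first and appending `|| return 1` to each call would make the cleanup fail loudly and in a safe order. The `@@ -168` hunk's enclosing if/else starts and ends outside this diff.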
@@ -168,6 +182,8 @@ then
 DC2=$(echo "$DOMAIN" | cut -d"." -f2)
 DC3=$(echo "$DOMAIN" | cut -d"." -f3)
+ ldapDN="dc=$DC1, dc=$DC2, dc=$DC3"
+ del_ldap_kerberos
 fi
 else