Re: issue on Net::LDAP sasl issue on windows 2000.

Wed, 14 Apr 2004 09:12:51 -0700 

On 9/4/04 6:09 pm, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

> From: [EMAIL PROTECTED]
> 
> Here is a simple script ... i am having very hard time here...
> 
> This is my program
> 
> use Net::LDAP qw(LDAP_SUCCESS LDAP_PROTOCOL_ERROR);
> use Authen::SASL;
> use Net::LDAP::Util qw(ldap_error_name ldap_error_text);
> 
> sub lConnect {
>       my $server = shift;
>       print " the server name is $server\n";
>       my $ldap = Net::LDAP->new($server, port=> 389, version => 3);
>       print "=== The error is $@ <====\n";
>       return($ldap);
> }
> 
> my $ldap = &lConnect('111.11.11.1');
> my $sasl = Authen::SASL->new(mechanism => 'DIGEST-MD5', password
> =>'xyzabc');
> my $isBinded = $ldap->bind ('cn=durairaj avasi,ou=itdev,dc=cow,dc=net',
> sasl => $sasl, version => 3);#
> print "ERROR detected: -> ", ldap_error_name($isBinded->code), " ",
> ldap_error_text($isBinded->code);
> 
> the above program returns the following::
> 
> ERROR detected: -> LDAP_INVALID_CREDENTIALS The wrong password was
> supplied or the SASL credentials could not be processed
> 
> if do a normal bind like
> 
> $ldab->bind($mydn, password=>$password, version => 3);
> 
> ( NOTE without SASL )
> 
> i am getting the following error
> 
> ERROR detected: -> LDAP_STRONG_AUTH_REQUIRED The server requires
> authentication
> be performed with a SASL mechanism
> 
> Note the:: the crendtials are correct .. i use the same credential with
> all my rest of the applications but pointing different server.
> 
> 
> Tested with windows 2000 and windows xp getting the same error msg.
> I have installed 8xx-builds on Windows 2000 and windows xp and tested on both
> ... i am facing same
> issue with both the application.
> 
> what i am doing wrong here.... some say that i should install
> perl-cyrus-sasl-0.02... but i am unable to find that module for 8xx
> environment___________________________________________________________________

You need to set the SASL userid (authcid) instead of just the DN in the
"outer" bind operation. This works for me:

$ldap = Net::LDAP->new("ldap.example.com", port => 389,
                        version => 3);

$sasl = Authen::SASL->new(
              mechanism => "DIGEST-MD5",
              callback => {
                pass => "secret",
                user => "[EMAIL PROTECTED]",
              }
             );
$res = $ldap->bind(sasl => $sasl);

Cheers,

Chris

Reply via email to