Hi, On Thursday 24 June 2004 18:44, Hirmke Michael wrote: > using the code snippet below against an Actice Directory GC with Exchange > 2003 installed, I get an authentication error: "The wrong password was > supplied or the SASL credentials could not be processed". > With a higher debug level I get: > > 30 84 00 00 00 BE 02 01 03 61 84 00 00 00 B5 0A 0........a...... > 01 31 04 00 04 82 00 82 38 30 30 39 30 33 30 33 .1......80090303 > 3A 20 4C 64 61 70 45 72 72 3A 20 44 53 49 44 2D : LdapErr: DSID- > 30 43 30 39 30 33 46 42 2C 20 63 6F 6D 6D 65 6E 0C0903FB, commen > 74 3A 20 54 68 65 20 64 69 67 65 73 74 2D 75 72 t: The digest-ur > 69 20 64 6F 65 73 20 6E 6F 74 20 6D 61 74 63 68 i does not match > 20 61 6E 79 20 4C 44 41 50 20 53 50 4E 27 73 20 any LDAP SPN's > 72 65 67 69 73 74 65 72 65 64 20 66 6F 72 20 74 registered for t > 68 69 73 20 73 65 72 76 65 72 2E 2C 20 64 61 74 his server., dat > 61 20 30 2C 20 76 65 63 65 00 87 28 72 73 70 61 a 0, vece..(rspa > 75 74 68 3D 38 64 66 31 62 65 61 65 31 65 63 32 uth=8df1beae1ec2 > 66 62 61 61 36 34 61 37 39 64 34 61 63 39 65 37 fbaa64a79d4ac9e7 > 66 66 63 30 __ __ __ __ __ __ __ __ __ __ __ __ ffc0 > > > Can anyone explain, what is meant with "digest-uri does not match any LDAP > SPNs ..."? Running the same script against AD DCs without Exchange 2003 > works perfect, though.
This is an error message prodced from MS ADS. Maybe it is documented somewhere in the MS ADS documentation ;-) Now let's get serious: The digest-uri in the DIGEST_MD5 mech is constructed like SERVICE/HOST or SERVICE/HOST/SERV where the optional part SERV is the value of the serv callback in the Authen::SASL-New() constructor and SERVCE and HOST are dynamically filled from the users of the Authen::SASL object. When used with Net::LDAP SERVICE is set to "ldap" and HOST is the name of the host Net::LDAP->new() connects to. See the MS docuemtnation what kind of digest-uri MS ADS 2003 GCs support. Google found MS KB article 298718 (just a hint ;-) Peter -- Peter Marschall eMail: [EMAIL PROTECTED]
