Hi Peter,

"Peter Marschall" <[EMAIL PROTECTED]> wrote in message
news:<[EMAIL PROTECTED]>...
> Hi Steve,
> 
> On Thursday 04 August 2005 11:52, SteveC wrote:
> > I have been trying to authenticate to an Active Directory LDAP server using
> > Authen::SASL::Perl::DIGEST_MD5 and am failing.  Using OpenLDAP's ldapsearch
> > and the -Y DIGEST-MD5 command line option, I can authenticate with no
> > problem -- so the credentials I am using are certainly correct. However,
> > with the script below I get an error code 49 -- invalid credentials.
...
> > The only thing of note in the AD environment is that we have multiple
> > domain controllers.  This led me to look at the 'serv' callback parameter,
> > as that appears to be used when there is a replicated service. One thing I
> > have noticed while investigating this, is that there appears to be a bug in
> > the 'serv' parameter handling of the DIGEST_MD5 module.  When this
> > parameter is present, the module appends the value to digest_uri (note the
> > underscore), it should do so to digest-uri.  However, even when I change
> > the module and try to use this parameter I still get the same
> > authentication problem. [In my testing with the 'serv' parameter, the
> > $host is the fqdn of a domain controller, and the serv value was the name
> > of the domain I am trying to authenticate to.]
> 
> I guess you are right with digest-uri vs. digest_uri
> 
> A few questions / requests:
> - Did you replace both occurrences of 'digest_uri' with 'digest-uri' ?
> - Did you try the script with Authen::SASL::Cyrus as Backend ?
> - Did you check the communication for the different implementations
>    on the wire ?
> 
> If not, would you mind to do so ?
> 
> Thank you for your help
> Peter
> 
> 
> -- 
> Peter Marschall
> eMail: [EMAIL PROTECTED]

Wrt your points above:

- I only saw one instance of 'digest_uri'  -- I have checked on the CPAN
site (in source DIGEST_MD5) and that is all that I can spot there as well.
All the other occurrences are the correct 'digest-uri'.

- The reason I was trying the Perl version of the DIGEST-MD5 SASL
authentication was that I am having even more problems with the Cyrus
version!  I have downloaded and installed the most recent version (the
0.13-server version) ---built against cyrus SASL2. But when I try to use it
(the same test script as my original post except removing the qw/Perl/) I
get a 'Local error' message -- there is no network activity -- hence my
'even more problems' comment!

- I don't have access to the test environment at the moment, but from what I
remember, when using ldapsearch the DIGEST authentication actually selects
'auth-conf', whereas the perl module selects 'auth'.

Steve
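
Added example, not part of the original thread and not code from Authen::SASL: a Python sketch of the RFC 2831 DIGEST-MD5 response hash, showing that both the digest-uri string (with or without a serv-name) and the selected qop ('auth' vs 'auth-conf') feed the value the server verifies. The LDAP host, domain, user, password and nonces are constructed sample values; the function names are hypothetical.

```python
import hashlib

def digest_uri(serv_type, host, serv_name=None):
    # RFC 2831: digest-uri = serv-type "/" host [ "/" serv-name ]
    # serv-name is omitted when absent or identical to host.
    uri = f"{serv_type}/{host}"
    if serv_name and serv_name != host:
        uri += f"/{serv_name}"
    return uri

def response(user, realm, password, nonce, cnonce, uri,
             qop="auth", nc="00000001"):
    # A1 = MD5(user:realm:pass) as 16 raw bytes, then ":nonce:cnonce"
    a1 = hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()
    a1 += f":{nonce}:{cnonce}".encode()
    # A2 gains a 32-zero suffix when an integrity or privacy layer is chosen
    a2 = f"AUTHENTICATE:{uri}"
    if qop in ("auth-int", "auth-conf"):
        a2 += ":" + "0" * 32
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2.encode()).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(kd.encode()).hexdigest()

def compare_variants():
    # Constructed sample values (not taken from the thread).
    cred = dict(user="steve", realm="example.test", password="s3cret",
                nonce="c2FtcGxlLW5vbmNl", cnonce="Y2xpZW50LW5vbmNl")
    plain = digest_uri("ldap", "dc1.example.test")
    with_serv = digest_uri("ldap", "dc1.example.test", "example.test")
    return {
        "uri_plain": plain,
        "uri_with_serv": with_serv,
        "auth_plain": response(uri=plain, qop="auth", **cred),
        "auth_with_serv": response(uri=with_serv, qop="auth", **cred),
        "conf_plain": response(uri=plain, qop="auth-conf", **cred),
    }

if __name__ == "__main__":
    for name, value in compare_variants().items():
        print(f"{name:15} {value}")
```

When comparing two implementations on the wire, the digest-uri and qop directives in the client's response message are the fields to line up against these inputs.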
