I have problems (no snickering in the back!). I wrote a script to connect to AD, do some stuff, and spit out an XML file. Works great. I picked up the script and handed it to a colleague to run on his AIX server. Of course, his Perl install was criminally out of date, so I spent a few minutes and did him the favor of running CPAN and updating his 5.8 install with all the necessary modules. I ran the script and lo and behold, this familiar error message pops up:

    80090303: LdapErr: DSID-0C090420, comment: The digest-uri does not match any LDAP SPN's registered for this server.,

Makes me want to slap somebody. I'm confident that all of the modules are up to date, given the fact that I just ran CPAN. But I could be wrong, and the fact that I developed it on 5.10 perl and ran it on a 5.8 perl install... well.

Anyway, I printed the SASL object I created via Dumper in a line after the bind attempt. Here's a snippet. The @ldaploginservers is an array of LDAP URLs:

    my $sasl = Authen::SASL->new(
        mechanism => 'DIGEST-MD5',
        callback  => {
            user => $aduser,
            pass => $adpassword,
        },
    );
    my $ldap = Net::LDAP->new(\@ldaploginservers, async => 0);
    $mesg = $ldap->bind(sasl => $sasl);
    print Dumper($sasl);

When I ran it on the working Linux box, I noticed this in the output:

    'service' => 'ldap',
    'host' => 'fully.qualified.name.that.I.changed.for.this.post'

On the server that it did NOT work on, I saw this:

    'service' => 'ldap',
    'host' => '10.3.2.1'

Suspicious that this would not go well with AD, I poked around and decided to downgrade the server version of Net::LDAP to 0.34. Bingo! Worked. But now I'm worried that if I upgrade Net::LDAP for some reason in the future, this, as well as a lot of other AD stuff I've written, will die.
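
Added example, not part of the original post and not Net::LDAP's own code: an offline check showing that the host given to Authen::SASL's client_new() becomes the DIGEST-MD5 digest-uri, which is the value the error message says was compared against the server's SPNs. The challenge string, the dc1.example.com name, the credentials and the SPN list are constructed placeholders; the commented bind call at the end relies on Net::LDAP's documented support for passing a client connection as the sasl argument.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Authen::SASL qw(Perl);    # force the pure-Perl implementation

# Constructed DIGEST-MD5 challenge in RFC 2831 format; not captured from a server.
my $challenge = 'realm="example.com",nonce="b2ZmbGluZS1kZW1v",qop="auth",'
              . 'charset=utf-8,algorithm=md5-sess';

# Return the digest-uri the client sends when client_new() is given $host.
sub digest_uri_for {
    my ($host) = @_;
    my $sasl = Authen::SASL->new(
        mechanism => 'DIGEST-MD5',
        callback  => { user => 'demo-user', pass => 'demo-pass' },    # placeholders
    );
    my $conn = $sasl->client_new('ldap', $host);
    $conn->client_start;
    my $response = $conn->client_step($challenge);
    die 'client_step failed: ' . ($conn->error || 'unknown')
        unless defined $response;
    my ($uri) = $response =~ /digest-uri="([^"]*)"/;
    return $uri;
}

# Hypothetical SPN registered for the directory server (assumption for the demo).
my %spn = map { lc($_) => 1 } ('ldap/dc1.example.com');

# One FQDN (constructed) and the IP address shown in the Dumper output above.
for my $host ('dc1.example.com', '10.3.2.1') {
    my $uri = digest_uri_for($host);
    printf "%-18s digest-uri=%-24s %s\n", $host, $uri,
        $spn{ lc $uri } ? 'matches SPN' : 'no SPN match';
}

# On a live connection, a client connection built with the name you chose can
# be passed to bind, so the digest-uri does not depend on a host value that
# Net::LDAP derives itself:
#   my $conn = $sasl->client_new('ldap', 'dc1.example.com');
#   my $mesg = $ldap->bind(sasl => $conn);
```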