Ismael Lezcano wrote:
    I have problems (no snickering in the back!)

    I wrote a script to connect to AD, do some stuff, and spit out an
XML file. Works great. I picked up the script and handed it to a
colleague to run on his AIX server. Of course, his Perl install was
criminally out of date, so I spent a few minutes and did him the favor
of running CPAN and updating his 5.8 install with all the necessary
modules. I ran the script and lo and behold, this familiar error
message pops up:

80090303: LdapErr: DSID-0C090420, comment: The digest-uri does not
match any LDAP SPN's registered for this server.,

    Makes me want to slap somebody.

    I'm confident that all of the modules are up to date, given the
fact that I just ran CPAN. But I could be wrong, and the fact that I
developed it on 5.10 perl and ran it on a 5.8 perl install... well.

    Anyway, I printed the SASL object I created via Dumper in a line
after the bind attempt. Here's a snippet. The @ldaploginservers is an
array of LDAP URLs:


    use strict;
    use warnings;
    use Net::LDAP;
    use Authen::SASL;
    use Data::Dumper;

    # DIGEST-MD5 SASL object; user and password are supplied via callbacks
    my $sasl = Authen::SASL->new(mechanism => 'DIGEST-MD5',
                        callback => {
                                user => $aduser,
                                pass => $adpassword,
                                },
                        );

    # @ldaploginservers holds the LDAP URLs; Net::LDAP tries them in order
    my $ldap = Net::LDAP->new(\@ldaploginservers, async => 0)
        or die "Could not connect to any LDAP server: $@";
    my $mesg = $ldap->bind(sasl => $sasl);
    print Dumper($sasl);

    When I ran it on the working Linux box, I noticed this in the
output:

    'service' => 'ldap',
    'host' =>'fully.qualified.name.that.I.changed.for.this.post'

    On the server that it did NOT work on, I saw this:

    'service' => 'ldap',
    'host' => '10.3.2.1'


    Suspicious that this would not go well with AD, I poked around and
decided to downgrade the server version of Net::LDAP to 0.34. Bingo!
Worked. But now I'm worried that if I upgrade Net::LDAP for some
reason in the future, this, as well as a lot of other AD stuff
I've written, will die.



Ok, so nobody has responded, so I did some more lab work. I installed every version of Net::LDAP working my way backwards from 0.39, with the idea that I would stop at the version that worked. Every time I ran the script with the DIGEST-MD5 SASL bind it failed, until I hit 0.36. I looked at the Bug Fixes in the release notes of 0.37, and it mentions a patch worded as such: "Pass correct hostname to SASL when connecting to a round-robin". The only module file to change from 0.36 to 0.37 was LDAP.pm. Could it be that the call on the $ldap object's IO::Socket::INET ($ldap->{net_ldap_socket}->peerhost) is returning an IP address instead of the desired hostname? Should I file a bug on CPAN?
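Added example (editor's code, not from Ismael's post and not Net::LDAP's own code) showing where the host string ends up. Authen::SASL builds the DIGEST-MD5 digest-uri as service/host from whatever host the caller hands to client_new, so a bare IP yields ldap/10.3.2.1, and the error quoted above says AD compares that digest-uri against the ldap/<fqdn> SPNs registered for the server. The server challenge, the credentials and the name dc01.example.com are constructed for the demo; nothing here talks to a real directory.

```perl
#!/usr/bin/perl
# Added example: the host passed to Authen::SASL becomes the DIGEST-MD5 digest-uri.
use strict;
use warnings;
use Authen::SASL qw(Perl);          # pure-Perl backend, runs offline without Cyrus SASL
use Socket qw(inet_aton AF_INET);

# Constructed server challenge in RFC 2831 wire format (no real server involved).
my $challenge = 'realm="example.com",nonce="OA6MG9tEQGm2hh",qop="auth",'
              . 'charset=utf-8,algorithm=md5-sess';

# Build the client response for a given SASL host string and return the
# digest-uri it would send to the server.
sub digest_uri_for {
    my ($host) = @_;
    my $sasl = Authen::SASL->new(
        mechanism => 'DIGEST-MD5',
        callback  => { user => 'svc_ldap', pass => 'hunter2' },   # dummy credentials
    );
    my $conn = $sasl->client_new('ldap', $host);   # same (service, host) pair Net::LDAP supplies
    $conn->client_start;                           # DIGEST-MD5 sends no initial response
    my $resp = $conn->client_step($challenge);     # answer the challenge
    die "SASL error: " . $conn->error unless defined $resp;
    my ($uri) = $resp =~ /digest-uri="([^"]+)"/;
    return $uri;
}

# Reverse-resolve a peer address so SASL gets a name that can match an SPN;
# falls back to the bare IP when there is no PTR record.
sub fqdn_for_peer {
    my ($ip) = @_;
    my $name = gethostbyaddr(inet_aton($ip), AF_INET);
    return defined $name ? $name : $ip;
}

# A bare IP (what peerhost() returns) versus an FQDN as the SASL host.
print "IP as host:   ", digest_uri_for('10.3.2.1'), "\n";
print "FQDN as host: ", digest_uri_for('dc01.example.com'), "\n";
print "Resolved peer: ", fqdn_for_peer('10.3.2.1'), "\n";
```

The first two lines of output differ only in the host part of the digest-uri, which is the whole problem: a DC has ldap/<fqdn> SPNs, not ldap/<ip>. If you are stuck on a Net::LDAP version that hands peerhost() to SASL, either connect by FQDN rather than IP or reverse-resolve the peer first, as fqdn_for_peer does, so the name SASL sees can match a registered SPN.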
