Hi, I'm using a simple program to authenticate against Active Directory (I found this code on the net),
but i get this error message: 80090303: LdapErr: DSID-0C090420, comment: The digest-uri does not match any LDAP SPN's registered for this server. The digest-uri that Net::LDAP send is: digest-uri="ldap/10.10.10.20" (one of multiple ip address associated to users.mycompany.it) if I translate the ip address to the "host name" I can autenticate correctly (example: digest-uri="ldap/ad1.mycompany.it") what do you think about ? regards Marco P.S. sorry for my bad english
===== translate the ip to host name =====================
perl/5.10.1/Authen/SASL/Perl/DIGEST_MD5.pm
@@ -257,11 +257,12 @@
 if (my @missing = grep { !exists $sparams{$_} } @server_required) {
 return $self->set_error("Server did not provide required field(s): @missing")
 }
-
+ use Socket;
+ my $uri =gethostbyaddr(inet_aton($self->host),AF_INET);
 my %response = (
 nonce => $sparams{'nonce'},
 cnonce => md5_hex($CNONCE || join (":", $$, time, rand)),
- 'digest-uri' => $self->service . '/' . $self->host,
+ 'digest-uri' => $self->service . '/' . $uri,
 # calc how often the server nonce has been seen; server expects "00000001"
 nc => sprintf("%08d", ++$self->{nonce_counts}{$sparams{'nonce'}}),
 charset => $sparams{'charset'},
========== simple program ============================
use Net::LDAP;
use Authen::SASL qw/Perl/;
my $host = 'users.mycompany.it'; # one of our AD domain controllers
my $user = 'my_Userid'; # my UserPrincipalName in AD
my $passwd = 'my_password';
my $sasl = Authen::SASL->new( mechanism => 'DIGEST-MD5', callback => { user => $user, pass => $passwd } );
my $ldap = Net::LDAP->new($host, debug=>12, version => 3);
my $msg = $ldap->bind("", sasl => $sasl);
if($msg->code) { print $msg->error . "\n"; } else { print "IT WORKED!!!\n"; exit(0); }
======================================================
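Review bot: The added `my $uri =gethostbyaddr(inet_aton($self->host),AF_INET);` line in the DIGEST_MD5.pm hunk has no failure path: when the address has no PTR record, or `inet_aton` cannot resolve the host, `$uri` is undef and the client sends `digest-uri="ldap/"` with a warning instead of the host the caller asked for. A fallback such as `my $uri = gethostbyaddr(inet_aton($self->host), AF_INET) || $self->host;` keeps the previous behaviour in that case. The service name bound into the digest response now comes from reverse DNS rather than from the caller, so whoever can answer the PTR query chooses the name the client authenticates against. That deserves at least a comment at this line, and connecting to the domain controller by its FQDN would avoid the lookup altogether. The lookup is also IPv4-only (`AF_INET`), and the enclosing sub starts and ends outside the hunk.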