I had exactly the same problem, with the same software you have on the
client side, except on Linux, and OpenLDAP on the server side.
It has been a while; IIRC I had to set ssf to 0 ('zero', which is no
encryption) on OpenLDAP to get it working. (You should be able to turn
it off from the client side as well, but I think that didn't work for
me for some reason.) I can remember I suspected the Authen-SASL-Cyrus
security classes for some reason, but I have no solid proof. In the
end I gave up. Lack of time! (I can hear everyone whispering "Tell me
about it!" :)
Although I am not sure if you can get AD to work with no encryption at
all, if you can and it works, I will be happy to know that.
Please forgive the vagueness of the above descriptions. If you have
any questions I would be happy to provide more info on the issue. For
now I am just happy to know I am not the only one who had this
problem :)
Ziya.
On 2003-10-16 17:57:25 +0000, Zhang Liquan wrote:
> I have spent a week trying to search AD with Net::LDAP. If I use simple
> authentication, it seems to work fine. But I found this method sends the user's password
> over the network in plaintext, which is not secure enough for my needs.
> Then I downloaded the Authen::SASL::Cyrus module. But it doesn't work!
>
> When my client sends the BIND request, AD responds with SASL_BIND_IN_PROGRESS, but the
> client doesn't continue the authentication.
>
> By debugging the scripts, I found that if I remove the following statement from
> the Net::LDAP::Bind::decode function:
> Net::LDAP::Bind
>     $self->set_error(LDAP_DECODING_ERROR,"LDAP decode error"), return
>       unless defined $resp;
>
> Then the client restarts the BIND request, AD responds SASL_BIND_IN_PROGRESS, the
> client sends a BIND request, then AD responds SUCCESS.
>
> But when the Net::LDAP::bind call completes, the connection was closed immediately.
>
> Can anyone help me?
>
> All the modules I use:
> perl 5.8.0 for win32
> SASL 2.02
> Authen-SASL-Cyrus-0.07
> Cyrus-sasl-2.15
> krb5-1.3.1
>
>