Active Directory authenticaion via UNIX

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I'm currently having a problem while trying to authenticate an NT userid =
(Active Directory) from UNIX over LDAP.

I'm using the following code snippit to perform the =
search/authentication:

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D
=3D=3D BEGIN

#!/bin/perl -w

use Net::LDAP qw(:all);
use Net::LDAP::Util qw(ldap_error_name ldap_error_text ldap_error_desc);

$ldap =3D Net::LDAP->new("XX.XX.X.XXX") || die "$@\n";
my $msg =3D $ldap->bind(anonymous =3D> 1, version =3D> 3);

if ( $msg->code ) {
        print ("Message Error Code =3D> " . $msg->code . "\n");
        print ("Message Error Name =3D> " . ldap_error_name($msg->code) =
. "\n");
        print ("Message Error Text =3D> " . ldap_error_text($msg->code) =
. "\n");
        print ("Message Error Desc =3D> " . ldap_error_desc($msg->code) =
. "\n");   =20
}

$RS =3D $ldap->search (
                     base =3D> "MY_DOMAIN.net",
                     scope =3D> "sub",          # still doesn't work =
with or w/out this.....
                     filter =3D> "(uid=3D*)"      # also tried =
"mail=3D*", etc.
                    );

print ( "RS Count =3D> " . $RS->count . "\n");

$ldap->unbind();

=3D=3D END
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D

Now,=20

This always returns the output:

   RS Count =3D> 0

I can only assume that the bind is working...when I try to bind using =
the following command:

  my $msg =3D =
$ldap->bind(dn=3D>"dc=3DMY_DOMAIN,dc=3Dnet,cn=3DMY_USER_ID", =
password=3D>"MY_PASSWORD") || die "No Auth: " . "$@\n";

I receive the output:

  Message Error Code =3D> 49
  Message Error Name =3D> LDAP_INVALID_CREDENTIALS
  Message Error Text =3D> The wrong password was supplied or the SASL =
credentials could not be processed
  Message Error Desc =3D> Invalid credentials

which is strange since I know that the credentials being sent are =
correct, nevertheless.....

In talking with my NT admin, he sees no log of either binding attempt?

Any suggestions -- I'm hoping that I just can't see the forest for the =
trees on this one.

thnx,

~j