ldap_sasl_bind у когонить работает?

[cyborg]

Уже и так и сяк пробую его, обычным ldap_bind подключается, а ldap_sasl_bind с теми же учетными данными ругается "Invalid credentials"

Требуется авторизацию сделать по sasl

$cfg_ldap_user = 'servername';
$cfg_ldap_pass = 'serverpass';
$cfg_ldap_server = 'msk.server.ru';
$cfg_ldap_dn = 'OU=Users,DC=msk,DC=server,DC=ru';

$user = 'user';
$pass ='pass';

$connect = ldap_connect($cfg_ldap_server);
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
$res = ldap_start_tls($connect);
$bind = ldap_bind($connect, $cfg_ldap_user, $cfg_ldap_pass);

тут все ок
дальше ищу пользователя, нахожу его и пытаюсь под ним забиндиться

$res_id = ldap_search($connect, $cfg_ldap_dn, "(&(objectClass=user)(objectCategory=person)(sAMAccountName=$user))");
$cnt = ldap_count_entries($connect, $res_id);
$entry_id = ldap_first_entry($connect, $res_id);
$user_dn = ldap_get_dn($connect, $entry_id);
//$bind2 = ldap_bind($connect, $user_dn, $pass); // работает!
$bind2 = ldap_sasl_bind($connect, NULL, $pass, 'DIGEST-MD5', NULL, $user_dn); // не работает

 

[AnrDaemon]

"Не работает" - это очень информативное сообщение.
ЛОГИ ГДЕ?

 

[cyborg]

ldap_sasl_interactive_bind_s: user selected: DIGEST-MD5
ldap_int_sasl_bind: DIGEST-MD5
ldap_int_sasl_open: host=msk.server.ru
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x7f8d6dce0d70 msgid 4
wait4msg ld 0x7f8d6dce0d70 msgid 4 (infinite timeout)
wait4msg continue ld 0x7f8d6dce0d70 msgid 4 all 1
** ld 0x7f8d6dce0d70 Connections:
* host: msk.server.ru port: 389 (default)
refcnt: 2 status: Connected
last used: Tue Sep 6 08:51:32 2016


** ld 0x7f8d6dce0d70 Outstanding Requests:
* msgid 4, origid 4, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f8d6dce0d70 request count 1 (abandoned 0)
** ld 0x7f8d6dce0d70 Response Queue:
Empty
ld 0x7f8d6dce0d70 response count 0
ldap_chkResponseList ld 0x7f8d6dce0d70 msgid 4 all 1
ldap_chkResponseList returns ld 0x7f8d6dce0d70 NULL
ldap_int_select
read1msg: ld 0x7f8d6dce0d70 msgid 4 all 1
read1msg: ld 0x7f8d6dce0d70 msgid 4 message type bind
read1msg: ld 0x7f8d6dce0d70 0 new referrals
read1msg: mark request completed, ld 0x7f8d6dce0d70 msgid 4
request done: ld 0x7f8d6dce0d70 msgid 4
res_errno: 14, res_error: <>, res_matched: <>
ldap_free_request (origid 4, msgid 4)
ldap_parse_sasl_bind_result
ldap_parse_result
ldap_msgfree
sasl_client_step: 2
sasl_client_step: 1
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x7f8d6dce0d70 msgid 5
wait4msg ld 0x7f8d6dce0d70 msgid 5 (infinite timeout)
wait4msg continue ld 0x7f8d6dce0d70 msgid 5 all 1
** ld 0x7f8d6dce0d70 Connections:
* host: msk.server.ru port: 389 (default)
refcnt: 2 status: Connected
last used: Tue Sep 6 08:51:32 2016


** ld 0x7f8d6dce0d70 Outstanding Requests:
* msgid 5, origid 5, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f8d6dce0d70 request count 1 (abandoned 0)
** ld 0x7f8d6dce0d70 Response Queue:
Empty
ld 0x7f8d6dce0d70 response count 0
ldap_chkResponseList ld 0x7f8d6dce0d70 msgid 5 all 1
ldap_chkResponseList returns ld 0x7f8d6dce0d70 NULL
ldap_int_select
read1msg: ld 0x7f8d6dce0d70 msgid 5 all 1
read1msg: ld 0x7f8d6dce0d70 msgid 5 message type bind
read1msg: ld 0x7f8d6dce0d70 0 new referrals
read1msg: mark request completed, ld 0x7f8d6dce0d70 msgid 5
request done: ld 0x7f8d6dce0d70 msgid 5
res_errno: 49, res_error: <80090308: LdapErr: DSID-0C090503, comment: AcceptSecurityContext error, data 57, v2580>, res_matched: <>
ldap_free_request (origid 5, msgid 5)
ldap_parse_sasl_bind_result
ldap_parse_result
ldap_msgfree
ldap_err2string
ldap_err2string
ldap_msgfree
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed