Thanks... That did help me establish that the connection to the domain controller is working fine, etc. Investigating further, I believe the problem is somewhere in Auth::ActiveDirectory, specifically here where it does the LDAP search to get the user's information:

    my $result = $self->_search_users( qq/(&(objectClass=person)(userP
+rincipalName=$user./ . $self->principal . '))' );
[download]

The search fails, which the code ignores, then runs a foreach on the nonexistent results, and then returns undefined. I've tried modifying the search in several different ways, including hard-coding some of the search criteria, and I can't get anything other than "DIR ERROR" and "NO OBJECT" as error messages. I inserted some debug code to show the error messages:

my $search = qq/(&(objectClass=person)(userPrincipalName=$user./ . $se
+lf->principal . '))';
my $result = $self->_search_users( $search );
die $search . " -- " . $result->{'errorMessage'} if $result->{'errorMe
+ssage'};
[download]

I've been reading about LDAP and it seems like I'm doing everything right, but I must not be. Here are some errors, with the search that generated them.

(userPrincipalName=testuser@our.domain.com) -- 0000208D: NameErr: DSID
+-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'OU=USER,
+OU=ACCOUNTS,OU=OUROU,DC=OUR,DC=DOMAIN,DC=com' at /home/camel/perl5/pe
+rlbrew/perls/perl-5.30.1/lib/site_perl/5.30.1/Auth/ActiveDirectory.pm
+ line 133.

(sAMAccountName=testuser) -- 0000208D: NameErr: DSID-0310020A, problem
+ 2001 (NO_OBJECT), data 0, best match of: 'OU=USER,OU=ACCOUNTS,OU=OUR
+OU,DC=OUR,DC=DOMAIN,DC=com' at /home/camel/perl5/perlbrew/perls/perl-
+5.30.1/lib/site_perl/5.30.1/Auth/ActiveDirectory.pm line 133.

(sAMAccountName=*) -- 0000208D: NameErr: DSID-0310020A, problem 2001 (
+NO_OBJECT), data 0, best match of: 'OU=USER,OU=ACCOUNTS,OU=OUROU,DC=O
+UR,DC=DOMAIN,DC=com' at /home/camel/perl5/perlbrew/perls/perl-5.30.1/
+lib/site_perl/5.30.1/Auth/ActiveDirectory.pm line 133.
[download]