python用sasl的方式连接ldap提示

源码：

#!/usr/bin/python
# -*- coding: utf-8 -*-
# filename: ldap_test.py
import ldap,ldap.sasl
import socket

'''
实现LDAP用户登录验证SAAL
'''

ldap.sasl._trace_level=0

ldap.set_option(ldap.OPT_REFERRALS,0)

ipaddr = "demo"
ldapPath = "ldap://" + socket.gethostbyname(ipaddr) + ":389" 

method = "DIGEST-MD5"
username = 'test1'.encode('utf-8')
password = '0'
sasl_dict = {ldap.sasl.CB_AUTHNAME:username, ldap.sasl.CB_PASS:password}
try:
    l = ldap.initialize(ldapPath,trace_level=0)
    l.protocol_version = 3

    sasl_auth = ldap.sasl.sasl(sasl_dict, method)
    print 20*'*',sasl_auth.mech,20*'*'
    print sasl_auth
    l.sasl_interactive_bind_s('', sasl_auth)
#print 'OPT_X_SASL_USERNAME',repr(l.get_option(ldap.OPT_X_SASL_USERNAME))
except ldap.INVALID_CREDENTIALS, e:
    print e
finally:
    l.unbind()

在linux下运行，提示：
{'info': "80090303: LdapErr: DSID-0C0904B3, comment: The digest-uri does not match any LDAP SPN's registered for this server., data 0, v1772", 'desc': 'Invalid credentials'}

simple-bind没有这个问题