Mailing List CGatePro@mail.stalker.com Message #92119
From: Jonn Taylor <jonnt@taylortelephone.com>
Subject: Re: XMPP LDAP authentication
Date: Thu, 09 Aug 2007 10:32:44 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Sambedi Fahted wrote:
Thanks John,
Unfortunately that didn't work.
I'm using the Pidgin IM client and the error on the client side is simply: Invalid Authzid
And I'm still getting this error from Cgate logs:
07:35:08.335 1 EXTAUTH user@domainname.com(XMPP) SASL password is incorrect
07:35:08.335 1 ACCOUNT(user) login(XMPP) from [xx.xx.xx.xx](TLS) failed. Error Code=incorrect password

Under the XMPP Listener settings, I turned the "Init SSL/TLS" on, but it didn't make a difference. With that, I had to force the client to use the "old" port 5223 SSL, but the end result was the same as above. Only when I enabled my Communigate password was I able to successfully authenticate.

On 8/9/07, *Jonn R Taylor* <jonnt@taylortelephone.com <mailto:jonnt@taylortelephone.com>> wrote:

    Sambedi Fahted wrote:
     > Hola CGate Community:
     >  I've got CGATE Version 5.1.10 installed. We're able to get Outlook
     > (MAPI) clients and webmail clients authenticated via the authLDAP.pl,
     > but XMPP clients aren't being authenticated via LDAP. I tail my ldap
     > server logs and no searches appear -and in the CGate logs I get
    this error:
     >
     > 17:28:41.143 1 EXTAUTH user@domainname.com(XMPP) SASL password is
    incorrect
     >
     > By default, Communigate passwords are disabled, but when I enable my
     > Communigate password and use it, XMPP login succeeds.
     > Is there a way to get XMPP to authenticate through LDAP?
     >
     > Thanks for your help.
     >
     > -sam

    Under Users --> Domain Defaults --> Login Methods un-check the CRAM-MD5
    box. This controls SASL auth for Pronto. You can not use SASL with
    authLDAP.

    Jonn


    #############################################################
    This message is sent to you because you are subscribed to
      the mailing list <CGatePro@mail.stalker.com
    <mailto:CGatePro@mail.stalker.com>>.
    To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com
    <mailto:CGatePro-off@mail.stalker.com>>
    To switch to the DIGEST mode, E-mail to
    <CGatePro-digest@mail.stalker.com
    <mailto:CGatePro-digest@mail.stalker.com>>
    To switch to the INDEX mode, E-mail to <
    CGatePro-index@mail.stalker.com
    <mailto:CGatePro-index@mail.stalker.com>>
    Send administrative queries to  <CGatePro-request@mail.stalker.com
    <mailto:CGatePro-request@mail.stalker.com>>



The problem with using authLDAP is that it only will do plain text passwords. You can uncheck all the login methods that you are not using. What we final did was force all client to use SSL to secure there plain text passwords until a better option is provided by Stalker.

Jonn
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster