Mailing List CGatePro@mail.stalker.com Message #92124
From: A.G.Valdivia <alexandergv@esvc.co.cu>
Subject: Re: XMPP LDAP authentication
Date: Thu, 9 Aug 2007 12:44:35 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Microsoft Outlook Express 6.00.3790.1830
The authLDAP SASL plugin will be a real solution to authentication over LDAP (OpenLDAP, Active Directory) or others, when OS password does not provide a solution.

Tom say:
or even easier, to simply return the PLAIN text password to CommuniGate Pro, and allow CGatePro to perform the SASL methods.

Look easy but How can the plugin know the users account password stored in the LDAP server, when the plugin functionality is verify against LDAP server the user & password passes as parameters by CG...  (:<)


----- Original Message ----- From: "Thom O'Connor" <thom@communigate.com>
To: "CommuniGate Pro Discussions" <CGatePro@mail.stalker.com>
Sent: Thursday, August 09, 2007 10:57 AM
Subject: Re: XMPP LDAP authentication


From:  Jonn R Taylor <jonnt@taylortelephone.com>
Sambedi Fahted wrote:

    Hola CGate Community:
     I've got CGATE Version 5.1.10 installed. We're able to get Outlook (MAPI) clients and webmail clients authenticated via the authLDAP.pl, but XMPP clients aren't being authenticated via LDAP. I tail my ldap server logs and no searches appear -and in the CGate logs I get this error:

    17:28:41.143 1 EXTAUTH user@domainname.com(XMPP) SASL password is incorrect

    By default, Communigate passwords are disabled, but when I enable my Communigate password and use it, XMPP login succeeds.
    Is there a way to get XMPP to authenticate through LDAP?

    Thanks for your help.

    -sam


Under Users --> Domain Defaults --> Login Methods un-check the CRAM-MD5
box. This controls SASL auth for Pronto. You can not use SASL with authLDAP.

Hi folks,

This is not exactly accurate - SASL can be used with external LDAP
authentication. SASL with an external LDAP server requires that the LDAP
server be able to either perform the necessary SASL calculations in
tandem with CommuniGate Pro, or even easier, to simply return the PLAIN
text password to CommuniGate Pro, and allow CGatePro to perform the SASL
methods.

This is documented in the Guide in External Authentication:
 http://www.communigate.com/CommunigatePro/Helpers.html#AUTH

This will allow SIP, XMPP, and Pronto to work using SASL authentication
methods with an external Directory.

CommuniGate has a newly written authLDAP-SASL Perl plugin to do this,
which just needs to be tested and the method documented somewhat. We
hope to do this within the next few days.

Sincerely,
-t

#############################################################
This message is sent to you because you are subscribed to
 the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>


Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster