Mailing List Message #91997
From: Andy Kunkle <>
Subject: RE: LDAP integration
Date: Mon, 30 Jul 2007 15:34:09 -0400
To: 'CommuniGate Pro Discussions' <>
X-Mailer: Microsoft Office Outlook 12.0
> Adrian Centeno wrote:
> I was reading on the communigate website and see how an integration
> with
> Windows AD
> works but I can not integrate CGP with AD.
> What do I have to do?

It's an interesting question. One that I've been working on for a while now,
with some success. The first part of this question is determining what
exactly you mean by "integration". One meaning of integration is trying to
use AD to store CGP information, you can do that (so I have heard), but I'm
not so interested in that part. The other, the one I've been working
towards, is enabling single sign-on... or more simply, making it so my users
can use the same username and passwords to log into their e-mail as they do
to log into their computers.

If you're trying to use Outlook for instance, the solution you're looking
for involves Kerberos Authentication. I can give you some information on how
to get that to work, or you can search for Kerberos Authentication in the
mailing list forum on . When Kerberos is setup, your
users simply open outlook, and the mail server does the work, authenticating
them using their AD user password. This works great and I'm very happy with

Unfortunately, the real trouble happens when your users are located in
remote offices with no VPN access (like when trying to check mail at home).
They won't be logging into the network, so Kerberos won't work, but you
still need to verify the password. This is the part that I'm having trouble
with as well. I figured out how to allow external authentication to the AD
server, but it's not encrypted. This means passwords are being passed across
the network in clear text, and I am also unable to use Pronto, since it
encrypts the passwords automatically. This is where I really need some help
as well. Like I said, it works, but I would really like some type of
encryption in place. I thought of PAM or SASL, but haven't had much luck
there either.

So, that's a start for you. Let me know and I'd be happy to part with some
of my knowledge in getting this setup.

Andy Kunkle
AIM Engineering

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster