Mailing List CGatePro@mail.stalker.com Message #92033
From: Peter Leye <pleye@sixco.ae>
Subject: Re: LDAP integration
Date: Thu, 2 Aug 2007 23:47:47 +0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
Andy,

> I figured out how to allow external authentication to the AD
> server, but it's not encrypted. This means passwords are being passed
> across the network in clear text,

I'm using external authentication using authLDAP.pl.
But I'm also making sure that users, when in webmail, are working using SSL.
In the Account Defaults / Settings you could set 'Secure Only' to Yes.
Then, you'd still have to make sure that no-one can sniff the traffic
between your CGPro and your LDAP server, and that should be secure, shouldn't
it?

Mail client software also has the possibility to be configured to use SSL,
so there, the password should be secure as well. However, some anti-spam
software on the client side may prevent you from working with SSL.

> and I am also unable to use Pronto, since it
> encrypts the passwords automatically.

I haven't got that far, so I have no comments here.

Best regards,

Peter Leye


----- Original Message -----
From: "Andy Kunkle" <akunkle@aimengr.com>
To: "CommuniGate Pro Discussions" <CGatePro@mail.stalker.com>
Sent: Monday, July 30, 2007 11:34 PM
Subject: Re: LDAP integration


> Adrian Centeno wrote:
>
> I was reading on the CommuniGate website and see how an integration
> with Windows AD works but I can not integrate CGP with AD.
>
> What do I have to do?

It's an interesting question. One that I've been working on for a while now,
with some success. The first part of this question is determining what
exactly you mean by "integration". One meaning of integration is trying to
use AD to store CGP information, you can do that (so I have heard), but I'm
not so interested in that part. The other, the one I've been working
towards, is enabling single sign-on... or more simply, making it so my users
can use the same username and passwords to log into their e-mail as they do
to log into their computers.

If you're trying to use Outlook for instance, the solution you're looking
for involves Kerberos Authentication. I can give you some information on how
to get that to work, or you can search for Kerberos Authentication in the
mailing list forum on www.communigate.com. When Kerberos is set up, your
users simply open Outlook, and the mail server does the work, authenticating
them using their AD user password. This works great and I'm very happy with
it.

Unfortunately, the real trouble happens when your users are located in
remote offices with no VPN access (like when trying to check mail at home).
They won't be logging into the network, so Kerberos won't work, but you
still need to verify the password. This is the part that I'm having trouble
with as well. I figured out how to allow external authentication to the AD
server, but it's not encrypted. This means passwords are being passed across
the network in clear text, and I am also unable to use Pronto, since it
encrypts the passwords automatically. This is where I really need some help
as well. Like I said, it works, but I would really like some type of
encryption in place. I thought of PAM or SASL, but haven't had much luck
there either.

So, that's a start for you. Let me know and I'd be happy to part with some
of my knowledge in getting this set up.

Andy Kunkle
AIM Engineering
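
An added example, not part of the thread or of authLDAP.pl: a monitoring-side check that classifies an LDAPv3 BindRequest (RFC 4511) and reports whether it carries a reusable password in the clear, which is the exposure discussed above for the CGPro-to-AD leg. It assumes the external authenticator verifies passwords with an LDAP simple bind (the thread does not say); all function names are hypothetical and both sample packets are constructed.

```python
def ber(tag, value):
    """Encode one BER element (short or long length form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + value

def read(buf, pos=0):
    """Decode the BER element at pos; return (tag, value, next_pos)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                       # long form: low 7 bits = count of length octets
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def bind_request(dn, auth):
    """Build a constructed sample LDAPMessage holding a version 3 BindRequest."""
    op = ber(0x02, b"\x03") + ber(0x04, dn.encode()) + auth
    return ber(0x30, ber(0x02, b"\x01") + ber(0x60, op))

def inspect_bind(packet):
    """Return bind details, or None if the packet is not a BindRequest."""
    tag, msg, _ = read(packet)
    if tag != 0x30:                    # LDAPMessage is a SEQUENCE
        return None
    _, _, pos = read(msg)              # skip messageID
    op_tag, op, _ = read(msg, pos)
    if op_tag != 0x60:                 # [APPLICATION 0] = BindRequest
        return None
    _, _, pos = read(op)               # skip protocol version
    _, dn, pos = read(op, pos)
    auth_tag, cred, _ = read(op, pos)
    if auth_tag == 0x80:               # [0] simple: value is the raw password
        method, exposed = "simple", len(cred) > 0
    elif auth_tag == 0xA3:             # [3] sasl: mechanism name comes first
        mech = read(cred)[1].decode()
        method, exposed = "sasl:" + mech, mech in ("PLAIN", "LOGIN")
    else:
        return None
    return {"dn": dn.decode(), "method": method, "cleartext_password": exposed}

# Constructed samples: a simple bind and a Kerberos-style SASL bind.
SIMPLE = bind_request("CN=Test User,DC=example,DC=test", ber(0x80, b"not-a-real-password"))
GSSAPI = bind_request("", ber(0xA3, ber(0x04, b"GSSAPI") + ber(0x04, b"\x00" * 8)))
```

The check only sees binds sent over an unencrypted connection; once the LDAP session is wrapped in TLS the BindRequest is no longer readable on the wire.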



