Mailing List Message #92242
From: Thom O'Connor <>
Subject: Re: External access to CGPRO's LDAP directory
Date: Wed, 15 Aug 2007 14:46:27 -0700
To: <>
From:   Niall O Broin
> I'm just starting to look at this, and I'm sure I'll have plenty more questions but I just have one for now. I'm using ldapsearch on a Linux box just for tests, and while I can query the directory if I specify -x (which means use plain text) if I don't do this, and SASL is used, I can't connect. I get this:
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> and after entering the password I get
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: account is not available on this system
> Looking in the CGPro logs I see this
> 22:33:07.80 1 LDAP-00006([]) failed to open 'root'. Connection from []. Error Code=account is not available on this system
> When I first saw this error I created root as an alias for postmaster, and when that didn't work I created a separate root account, but still no joy. If I use -x, I don't even get asked for a password and I get what I ask for.
> Any suggestions?

Hi Niall,

Please note, this is a somewhat different SASL/LDAP issue from the
others discussed here. What you are attempting to do here is use a
SASL-type authentication for an LDAP query between your client
(ldapsearch) and CommuniGate Pro. Whereas, the other discussion here
today is on using a SASL-type IMAP/SIP/XMPP/XIMSS authentication from
client to CommuniGate Pro (while using an *external* LDAP server).

In any case, I am able to do the SASL LDAP query against a CommuniGate
Pro LDAP Directory with the following:

# ldapsearch -W -Y DIGEST-MD5 -h \
  -U -b "dc=example,dc=com"
<snip records>
result: 0 Success

Please note that the -b (search base) may be required, depending on your
directory ACLs.

Please e-mail or post your ldapsearch, if necessary.

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster