Undocumented iChat Server 10.6 OD/SASL issue

Posting this here because the relevant discussions in the Apple forums are archived and this is a vague problem to solve.
If you see messages such as this in your logs from jabberd:
ODKVerifyClientRequestFixed: Unable to authenticate
when clients (either iChat or third-party ones such as Adium) attempt to connect with valid usernames and passwords,
and the result is a permission denied message, then in addition to the things mentioned in this thread https://discussions.apple.com/thread/2608181?start=0&tstart=0 (e.g. check DNS) there
is another thing to check if you are using OpenDirectory. Make sure the certificate you are using on your OpenDirectory server
(under LDAP settings on the OD master) is valid and trusted by the server running jabberd. The quickest way is to fire up
serveradmin on the machine running jabberd, connect to the OD master, view the certificates pane and see if the cert is listed
as trusted. The validation is done on the machine running serveradmin, so if it is not trusted then you may have found your problem, or one of them at least. In the case I needed to debug, the cert being used for OD is signed by a CA not found in the OS X Server keychain (GlobalSign Organization Validation). The solution is to add the CA's cert from their website to the keychain, and the SASL-based methods then work.
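The same trust check can be scripted. The following is an added example, not part of the original post: it uses openssl with a PEM CA bundle as a stand-in for the keychain validation that serveradmin performs, and the host name, port 636, file names and demo certificates are all constructed assumptions.

```shell
# Added example. Subjects, file names and the host argument are constructed.

# Fetch the certificate a directory server presents on LDAPS (port 636 assumed).
fetch_ldaps_cert() {   # usage: fetch_ldaps_cert odmaster.example.com > leaf.pem
    openssl s_client -connect "$1:636" -showcerts </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# chain_status LEAF_PEM CA_BUNDLE_PEM
# Prints "trusted" when LEAF_PEM chains to a CA in the bundle, otherwise
# "untrusted: <first openssl error>". The output is parsed as well as the exit
# code because some old openssl releases exit 0 even when verification fails.
chain_status() {
    rc=0
    out=$(openssl verify -CAfile "$2" "$1" 2>&1) || rc=$?
    if [ "$rc" -eq 0 ] && ! printf '%s\n' "$out" | grep -q 'error [0-9]'; then
        echo "trusted"
    else
        echo "untrusted: $(printf '%s\n' "$out" | grep -m1 'error [0-9]' || echo 'verify failed')"
    fi
}

# Build constructed test material in directory $1: an issuing CA, an unrelated
# CA, and a server certificate signed by the issuing CA.
make_demo_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Issuing CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Unrelated CA" \
        -keyout "$1/other.key" -out "$1/other-ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=odmaster.example.com" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) && make_demo_certs "$tmp" || return 1
    echo "trust store lacks the issuing CA: $(chain_status "$tmp/leaf.pem" "$tmp/other-ca.pem")"
    echo "issuing CA added to trust store:  $(chain_status "$tmp/leaf.pem" "$tmp/ca.pem")"
    rm -rf "$tmp"
}
demo
```

The first demo line reports the missing-issuer error, which is the condition described above; the second shows the same certificate passing once the issuing CA is in the bundle.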

As a side note, the default generated /etc/jabber/c2s.xml file on a 10.5 server has the SASL methods commented out, which might
explain some of the forum comments about iChat server being broken when upgrading from 10.5 to 10.6. Another note: if the
Mac client is configured to use Kerberos (as mine was), then the authentication will succeed even with the untrusted cert.