I thought I would share my final configuration for successfully integrating with AD 2012 R2.
For whatever reason this was a struggle to get working properly.
The configuration I used was this, in the Mailscanner conf.php.
Case matters here; that will get you every time.
The LDAP DN should be as it is in AD.
The LDAP filter and LDAP username fields are case sensitive.
--------------------------------------------
// LDAP settings for authentication
define('USE_LDAP', true);
define('LDAP_SSL', false); // Set to true if using LDAP with SSL encryption.
define('LDAP_HOST', 'xxx.xxx.xxx.xxx');
define('LDAP_PORT', '389');
define('LDAP_DN', 'OU=Users,OU=Corp,DC=Corp,DC=local');
define('LDAP_USER', 'ldapuser@sonoma.local'); // If no email set: cn=admin,dc=example,dc=com
define('LDAP_PASS', 'xxxxxxxxxxxxxx');
define('LDAP_SITE', 'default-first-site-name');
define('LDAP_FILTER', 'mail=%s'); // %s will be replaced by the username, e.g. 'mail=%s', 'mail=SMTP:%s', 'sAMAccountName=%s'
define('LDAP_PROTOCOL_VERSION', 3);
// can be set to 'proxyaddresses' or 'mail'. Please refer to your LDAP system manual for the right keyword
define('LDAP_EMAIL_FIELD', 'mail');
// LDAP field that is used to bind to the LDAP server to check the credentials.
// The value of the LDAP_USERNAME_FIELD will be extended by LDAP_BIND_PREFIX and LDAP_BIND_SUFFIX to create the binding username.
define('LDAP_USERNAME_FIELD', 'userprincipalname');
// define('LDAP_BIND_PREFIX', 'cn=');
// define('LDAP_BIND_SUFFIX', ',' . LDAP_DN);
// Microsoft Active Directory compatibility support for searches from Domain Base DN
define('LDAP_MS_AD_COMPATIBILITY', true);
With this setup, you will use the email address as the username and your domain password, and you should be authenticated and taken to your spam.
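
The configuration comments above describe two steps: the typed login replaces %s in LDAP_FILTER, and the value of LDAP_USERNAME_FIELD is wrapped in LDAP_BIND_PREFIX and LDAP_BIND_SUFFIX to form the bind name. The sketch below is an added example, not part of the original post and not the project's own code; the function names, the sample logins and the RFC 4515 escaping step are assumptions made for illustration.

```php
<?php
// Added example, not the project's code. Values mirror the conf.php in the post.
const FILTER_TEMPLATE = 'mail=%s';                        // LDAP_FILTER
const BASE_DN = 'OU=Users,OU=Corp,DC=Corp,DC=local';      // LDAP_DN

// RFC 4515: escape characters that have meaning inside a search filter.
function escape_filter_value(string $value): string
{
    // strtr() with an array does a single pass, so the backslashes it
    // inserts are not escaped a second time.
    return strtr($value, [
        '\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00',
    ]);
}

// Substitute the typed login into the filter template (the "%s" step).
function build_search_filter(string $template, string $login): string
{
    return sprintf($template, escape_filter_value($login));
}

// Bind name = prefix + value of LDAP_USERNAME_FIELD + suffix.
function build_bind_name(string $fieldValue, string $prefix = '', string $suffix = ''): string
{
    return $prefix . $fieldValue . $suffix;
}

// Constructed logins: a normal address, a bare wildcard, and one with parentheses.
foreach (['jane.doe@corp.example', '*', 'j(doe)@corp.example'] as $login) {
    printf("%-24s => %s\n", $login, build_search_filter(FILTER_TEMPLATE, $login));
}

// AD as in the post: userprincipalname is already a full bind name, so the
// prefix and suffix stay empty (they are commented out in conf.php).
echo build_bind_name('jane.doe@corp.example'), "\n";

// With the commented-out prefix/suffix enabled, a cn value becomes a DN under LDAP_DN.
// (Hypothetical cn; a value with DN metacharacters would also need DN escaping.)
echo build_bind_name('Jane Doe', 'cn=', ',' . BASE_DN), "\n";
```

Without the escaping step, a login of `*` would yield the filter `mail=*`, which matches every entry that has a mail attribute instead of one user.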