How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

sunnyg
Posts: 13
Joined: 08 Mar 2018 21:26

Post by sunnyg » 31 Aug 2018 11:13

Hello All,

I am hoping that someone would be able to assist me on this matter.

I am currently setting up EFA 3.0.2.5 and attempting to get it to work before I upgrade to 3.0.2.6.

The issue I am having is that after making the LDAP changes in the conf.php file, I am able to get the MailScanner login screen, but with any login credential (local or AD based), I get an HTTP 500 error.

My conf.php file looks like this:

Code: Select all

// LDAP settings for authentication
// LDAP settings
define('USE_LDAP',       true);
define('LDAP_HOST',      'dc01.ghataura.com');
define('LDAP_PORT',      '389');
define('LDAP_DN',        'DC=ghataura,DC=com');
define('LDAP_USER',      'ldap@ghataura.com');
define('LDAP_PASS',      'ldap');
define('LDAP_SITE',      'default-first-site-name');
define('LDAP_SSL',        false); // Set to true if using LDAP with SSL encryption.
define('LDAP_FILTER',    'mail=%s'); // %s will be replaced by username, e.g. 'mail=%s', 'mail=SMTP:%s', 'sAMAccountName=%s'
define('LDAP_PROTOCOL_VERSION', 3);
// can be set to 'proxyaddresses' or 'mail'. Please refer to your LDAP system manual for the right keyword
define('LDAP_EMAIL_FIELD', 'mail');
// LDAP field that is used to bind to the LDAP server to check the credentials.
// The value of the LDAP_USERNAME_FIELD will be extended by LDAP_BIND_PREFIX and LDAP_BIND_SUFFIX to create the binding username.
// define('LDAP_FILTER', 'sAMAccountName=%s');

// define('LDAP_USERNAME_FIELD', 'sAMAccountName');
define('LDAP_USERNAME_FIELD', 'cn');
// define('LDAP_BIND_PREFIX', 'cn=');
// define('LDAP_BIND_SUFFIX', '@' . LDAP_DN);
// Microsoft Active Directory compatibility support for searches from Domain Base DN
define('LDAP_MS_AD_COMPATIBILITY', true);

And here is a screenshot of the error as displayed:
[Attachment: 500.jpg]

If I disable the LDAP everything works as expected, and I am at a complete loss.

sunnyg
Posts: 13
Joined: 08 Mar 2018 21:26

Re: How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by sunnyg » 31 Aug 2018 11:36

To add,

Just checked the logs and I see the following error being reported in the ssl_error.log:

Code: Select all

[root@efa httpd]# cat ssl_error_log
[Fri Aug 31 07:26:12 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Aug 31 07:26:13 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Aug 31 07:29:21 2018] [error] [client 10.100.1.151] PHP Fatal error:  Call to undefined function ldap_connect() in /var/www/html/mailscanner/functions.php on line 2873, referer: https://efa.ghataura.com/mailscanner/login.php
[Fri Aug 31 07:32:56 2018] [error] [client 10.100.1.151] PHP Fatal error:  Call to undefined function ldap_connect() in /var/www/html/mailscanner/functions.php on line 2873, referer: https://efa.ghataura.com/mailscanner/login.php?error=baduser

shawniverson
Posts: 2827
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA

Re: How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by shawniverson » 01 Sep 2018 14:32

Looks like you are missing php-ldap. Try installing it.

Code: Select all

sudo yum install php-ldap

Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

sunnyg
Posts: 13
Joined: 08 Mar 2018 21:26

Re: How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by sunnyg » 02 Sep 2018 14:01

Hi,

PHP-LDAP has been installed; will try installing it again.

sunnyg
Posts: 13
Joined: 08 Mar 2018 21:26

Re: How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by sunnyg » 02 Sep 2018 14:25

Just checked; PHP-LDAP is installed:

Code: Select all

[root@efa mailscanner]# yum install php-ldap
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * EFA: dl7.efa-project.org
 * base: mirror.csclub.uwaterloo.ca
 * epel: ftp.cse.buffalo.edu
 * extras: mirror.its.sfu.ca
 * mariadb: yum.mariadb.org
 * updates: mirror.its.sfu.ca
Package php-ldap-5.3.3-49.el6.x86_64 already installed and latest version
 

Could the installed version not be compatible?

shawniverson
Posts: 2827
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA

Re: How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by shawniverson » 02 Sep 2018 15:23

Wait, you need the php7 version of this package...is it installed?

Code: Select all

rpm -qa | grep php-ldap
php-ldap-7.2.8-1.el6.remi.x86_64
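
An added example, not part of the thread or of eFa/MailWatch: the fatal error "Call to undefined function ldap_connect()" means the PHP build serving the page has no LDAP extension loaded, whatever yum reports for a package built against another PHP version. This script reports what that runtime sees; it assumes a Linux host where the extension ships as a shared module named ldap.so in extension_dir, and the function name ldap_preflight is hypothetical.

```php
<?php
// Added example (not from the thread): report whether the PHP runtime that
// executes this file can provide ldap_connect(). Run it through the web
// server as well as the CLI, because the two can use different PHP builds.

function ldap_preflight()
{
    $extDir  = ini_get('extension_dir');
    // Assumption: shared module named ldap.<suffix> (ldap.so on Linux).
    $module  = rtrim($extDir, '/') . '/ldap.' . PHP_SHLIB_SUFFIX;
    $scanned = php_ini_scanned_files(); // comma-separated list, or false

    $r = array(
        'sapi'                => PHP_SAPI,
        'php_version'         => PHP_VERSION,
        'loaded_ini'          => php_ini_loaded_file(),
        'extension_dir'       => $extDir,
        'module_file_present' => is_file($module),
        'extension_loaded'    => extension_loaded('ldap'),
        'ldap_connect_exists' => function_exists('ldap_connect'),
        'ini_mentions_ldap'   => $scanned !== false
                                 && stripos($scanned, 'ldap') !== false,
    );

    if ($r['ldap_connect_exists']) {
        $r['verdict'] = 'ok: LDAP extension is loaded in this runtime';
    } elseif (!$r['module_file_present']) {
        // Typical when php-ldap was installed for a different PHP version.
        $r['verdict'] = 'no ldap module for PHP ' . PHP_VERSION
                      . ' in extension_dir';
    } else {
        $r['verdict'] = 'module file exists but is not loaded: check the '
                      . 'ini files and the web server error log';
    }
    return $r;
}

foreach (ldap_preflight() as $key => $value) {
    printf("%-20s %s\n", $key, var_export($value, true));
}
```

Comparing the php_version line from the web request with the version in the installed php-ldap package name shows a mismatch like the one in this thread at a glance.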

sunnyg
Posts: 13
Joined: 08 Mar 2018 21:26

Re: How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by sunnyg » 06 Sep 2018 09:39

Hi shawniverson,

Thanks for your help. I was able to resolve the issue by updating the kernel on the EFA server; however, the auto updates have updated me to version 3.0.2.6, so I will run some tests to see if this presents any new issues.

Mail2GoCa
Posts: 26
Joined: 10 Oct 2018 09:11

Re: How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by Mail2GoCa » 15 Oct 2018 10:08

A quick note for those who have alias addresses in their Exchange server.

For LDAP_FILTER, please use...

Code: Select all

define('LDAP_FILTER', 'proxyAddresses=smtp:%s', 'mail=%s');
or

Code: Select all

define('LDAP_FILTER', 'proxyAddresses=smtp:%s', 'proxyAddresses=SMTP:%s');

This allows validation lookup of all smtp email addresses associated with a mailbox user or distribution group and also allows a mail user account holder to log in with any of the aliases and account password.
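
An added example, not from the thread or from MailWatch: PHP's define() takes a name, one value and a boolean case-insensitivity flag, so a third string argument is not stored as a second filter. The sketch below shows that and builds a single OR filter over both attributes, assuming the application fills the template with sprintf(LDAP_FILTER, $username); the DEMO_ constants and the two helper functions are hypothetical names.

```php
<?php
// Added example, not from the thread. Assumption: the application fills the
// template with sprintf(LDAP_FILTER, $username), as the "%s" comment suggests.

// define() keeps one value per constant; the third argument is read as the
// case-insensitivity flag (deprecated in 7.3, ignored with a warning in 8).
@define('DEMO_FILTER_3ARG', 'proxyAddresses=smtp:%s', 'mail=%s');

// One RFC 4515 filter matching either attribute. %1$s reuses the single
// sprintf() argument; single quotes keep PHP from interpolating "$s".
define('DEMO_FILTER_OR', '(|(proxyAddresses=smtp:%1$s)(mail=%1$s))');

// Escape filter metacharacters in user input (the set ldap_escape() covers
// with LDAP_ESCAPE_FILTER), written out so it runs without the extension.
function escape_filter_value($value)
{
    return strtr($value, array(
        '\\' => '\5c',
        '*'  => '\2a',
        '('  => '\28',
        ')'  => '\29',
        "\0" => '\00',
    ));
}

function build_filter($template, $username)
{
    return sprintf($template, escape_filter_value($username));
}

// Constructed sample inputs: a plain alias and one with metacharacters.
$samples = array('alias@example.com', 'j.smith*(test)@example.com');

echo 'three-argument constant holds: ', DEMO_FILTER_3ARG, "\n";
foreach ($samples as $username) {
    echo build_filter(DEMO_FILTER_OR, $username), "\n";
}
```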
