How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

sunnyg
Posts: 34
Joined: 08 Mar 2018 21:26

How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by sunnyg »

Hello All,

I am hoping that someone would be able to assist me on this matter.

I am currently setting up EFA 3.0.2.5 and attempting to get it to work before I upgrade to 3.0.2.6.

The issue I am having is that after making the LDAP changes in the conf.php file, I am able to get the mailscanner login screen, but with any login credential (local or AD based), I get an HTTP 500 error.

My conf.php file looks like this:

Code: Select all

// LDAP settings for authentication
// LDAP settings
define('USE_LDAP',       true);
define('LDAP_HOST',      'dc01.ghataura.com');
define('LDAP_PORT',      '389');
define('LDAP_DN',        'DC=ghataura,DC=com');
define('LDAP_USER',      'ldap@ghataura.com');
define('LDAP_PASS',      'ldap');
define('LDAP_SITE',      'default-first-site-name');
define('LDAP_SSL',        false); // Set to true if using LDAP with SSL encryption.
define('LDAP_FILTER',    'mail=%s'); //%s will be replaced by username eg. 'mail=%', 'mail=SMTP:%s', 'sAMAccountName=%s'
define('LDAP_PROTOCOL_VERSION', 3);
// can be set to 'proxyaddresses' or 'mail'. Please refer to your LDAP system manual for the right keyword
define('LDAP_EMAIL_FIELD', 'mail');
// Ldap field that is used to bind to the ldap server to check the credentials. 
// The value of the LDAP_USERNAME_FIELD will be extended by LDAP_BIND_PREFIX and LDAP_BIND_SUFFIX to created the binding username.
// define('LDAP_FILTER', 'sAMAccountName=%s');

//define('LDAP_USERNAME_FIELD', 'sAMAccountName');
 define('LDAP_USERNAME_FIELD', 'cn');
// define('LDAP_BIND_PREFIX', 'cn=');
//define('LDAP_BIND_SUFFIX', '@' . LDAP_DN);
// Microsoft Active Directory compatibility support for searches from Domain Base DN
define('LDAP_MS_AD_COMPATIBILITY', true);
And here is a screenshot of the error as displayed:
500.jpg

If I disable the LDAP everything works as expected, and I am at a complete loss.
sunnyg
Posts: 34
Joined: 08 Mar 2018 21:26

Re: How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by sunnyg »

To add,

Just checked the logs and I see the following error being reported in the ssl_error.log:

Code: Select all

[root@efa httpd]# cat ssl_error_log
[Fri Aug 31 07:26:12 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Aug 31 07:26:13 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Aug 31 07:29:21 2018] [error] [client 10.100.1.151] PHP Fatal error:  Call to undefined function ldap_connect() in /var/www/html/mailscanner/functions.php on line 2873, referer: https://efa.ghataura.com/mailscanner/login.php
[Fri Aug 31 07:32:56 2018] [error] [client 10.100.1.151] PHP Fatal error:  Call to undefined function ldap_connect() in /var/www/html/mailscanner/functions.php on line 2873, referer: https://efa.ghataura.com/mailscanner/login.php?error=baduser
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by shawniverson »

Looks like you are missing php-ldap. Try installing it.

Code: Select all

sudo yum install php-ldap
sunnyg
Posts: 34
Joined: 08 Mar 2018 21:26

Re: How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by sunnyg »

Hi,

PHP-LDAP has been installed; will try installing it again.
sunnyg
Posts: 34
Joined: 08 Mar 2018 21:26

Re: How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by sunnyg »

Just checked, PHP-LDAP is installed:

Code: Select all

[root@efa mailscanner]# yum install php-ldap
Loaded plugins: fastestmirror, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * EFA: dl7.efa-project.org
 * base: mirror.csclub.uwaterloo.ca
 * epel: ftp.cse.buffalo.edu
 * extras: mirror.its.sfu.ca
 * mariadb: yum.mariadb.org
 * updates: mirror.its.sfu.ca
Package php-ldap-5.3.3-49.el6.x86_64 already installed and latest version
 

Could the installed version not be compatible?
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by shawniverson »

Wait, you need the php7 version of this package...is it installed?

Code: Select all

rpm -qa | grep php-ldap
php-ldap-7.2.8-1.el6.remi.x86_64
sunnyg
Posts: 34
Joined: 08 Mar 2018 21:26

Re: How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by sunnyg »

Hi shawniverson,

Thanks for your help. I was able to resolve the issue by updating the kernel on the EFA server; however, the auto updates have updated me to version 3.0.2.6, so I will run some tests to see if this presents any new issues.
Mail2GoCa
Posts: 31
Joined: 10 Oct 2018 09:11

Re: How to integrate E.F.A 3.0.2.5 with Active Directory (windows 2012 r2)

Post by Mail2GoCa »

A quick note for those who have alias addresses in their Exchange server.

For LDAP_FILTER, please use...

Code: Select all

define('LDAP_FILTER', 'proxyAddresses=smtp:%s', 'mail=%s');
or

Code: Select all

define('LDAP_FILTER', 'proxyAddresses=smtp:%s', 'proxyAddresses=SMTP:%s');
This allows validation lookup of all SMTP email addresses associated with a mailbox user or distribution group, and also allows a mail user account holder to log in with any of the aliases and the account password.
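
Added example (not part of the original post and not EFA or MailWatch code): PHP's define() takes a name, a value and a case-insensitivity flag, so a second filter string passed as the third argument is never stored in the constant. The sketch below shows that, and one way to match either attribute with a single escaped filter string; it assumes the application substitutes the login with sprintf(), and the constant names, helper functions and sample logins are constructed for illustration.

```php
<?php
// Added example, not MailWatch/EFA code. Assumption: the application builds the
// search filter with sprintf(LDAP_FILTER, $username), as the "%s will be
// replaced by username" comment in conf.php suggests.

// define() takes (name, value, case_insensitive). A third string is NOT a second
// filter: it is read as the boolean flag, so only the first string is stored.
// (Newer PHP versions complain about the flag, hence the @.)
@define('FILTER_AS_POSTED', 'proxyAddresses=smtp:%s', 'mail=%s');

// One RFC 4515 OR-filter in a single string. %1$s reuses the single sprintf
// argument for both attributes.
define('FILTER_EITHER', '(|(proxyAddresses=smtp:%1$s)(mail=%1$s))');

// Escape the characters that are special inside an LDAP filter value (RFC 4515).
// php-ldap's ldap_escape() does this; the fallback keeps the example runnable
// on a host where the extension is not loaded.
function escape_filter_value(string $value): string
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    return str_replace(
        ['\\', '*', '(', ')', "\0"],
        ['\\5c', '\\2a', '\\28', '\\29', '\\00'],
        $value
    );
}

// Substitute the escaped login into a filter template.
function build_filter(string $template, string $login): string
{
    return sprintf($template, escape_filter_value($login));
}

// Constructed sample logins: a plain alias, and one containing characters that
// would change the filter's structure if they were not escaped.
foreach (['alias@example.com', 'user*(x)@example.com'] as $login) {
    echo 'as posted: ', build_filter(FILTER_AS_POSTED, $login), PHP_EOL;
    echo 'either:    ', build_filter(FILTER_EITHER, $login), PHP_EOL;
}
```

The "as posted" lines show that only the proxyAddresses clause reaches the directory, while the "either" lines carry both clauses with the wildcard and parentheses in the second login encoded as \2a, \28 and \29.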