Problem with AD integration

rpw
Posts: 29
Joined: 18 Jul 2014 22:22

Problem with AD integration

Post by rpw »

Using the steps outlined in the sticky above I attempted to integrate efa into AD. Made the changes as described in the conf.php and in the functions.php files. After the changes to those files it appeared that the rest of the document didn't pertain to what I wanted (basic AD integration). After saving I lost the ability to access mailwatch. Of course I panicked and reverted the changes and got access back.

What went wrong? Does it take some time to populate the users from AD, and if I waited would I have been able to access mailwatch using my AD credentials?

Thanks. And if I haven't mentioned this before I'm very impressed with the quality of efa.

Richard.
rpw
Posts: 29
Joined: 18 Jul 2014 22:22

Re: Problem with AD integration

Post by rpw »

Do I need to rephrase my question?
shawniverson
Posts: 3650
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Problem with AD integration

Post by shawniverson »

You have a typo in one or both files :(

You can watch /var/log/httpd/error_log for clues while you access the site...

Anytime you edit these files, I recommend making a copy of the original so that you can return from whence you came.
rpw
Posts: 29
Joined: 18 Jul 2014 22:22

Re: Problem with AD integration

Post by rpw »

Fortunately I did. I do think I found my problem (besides errors in the files). I missed the very last step which was to install php-ldap.

BTW, what errors are you referring to?

Thanks.

[edit] Oops, reread your post. I'll recheck my changes.
rpw
Posts: 29
Joined: 18 Jul 2014 22:22

Re: Problem with AD integration

Post by rpw »

Built a new box to test the AD integration with. After following the steps provided I get a page not found when trying to access the mailwatch. I've tried both http and https <IP Address>, same results.

I tried to attach a couple of txt files but the system doesn't allow txt files.
shawniverson
Posts: 3650
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Problem with AD integration

Post by shawniverson »

Page not found?

Umm...

1) Is apache running?
2) Is the ip address available, open, and not a duplicate IP on the network?
3) Is /var/www/html/mailscanner present?
rpw
Posts: 29
Joined: 18 Jul 2014 22:22

Re: Problem with AD integration

Post by rpw »

1. I believe so but need to know where to check services (location and name).
2. Yes
3. Yes

What's odd is I only lost access to the webpage after I enabled the AD integration. It appears that you lose the ability to login with a local username after the change.

Here is a snippet of the configuration files.
-config.php-

// LDAP settings
define('USE_LDAP', '1');
define('LDAP_HOST', 'walesdc.hoodview.fcu');
define('LDAP_PORT', '389');
define('LDAP_DN', 'DC=hoodview,DC=fcu');
define('LDAP_USER', 'efa@hoodview.fcu');
define('LDAP_PASS', 'hoodview');
define('LDAP_SITE', 'Wales');

-functions.php-

ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

function ldap_authenticate($USER,$PASS) {
    $USER = strtolower ($USER);
    if ($USER != "" && $PASS != "") {
        $ds = ldap_connect (LDAP_HOST,LDAP_PORT) or die ("Could not connect to ".LDAP_HOST);
        ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_bind ($ds, LDAP_USER, LDAP_PASS);
        if (strpos ($USER, '@')){
            # $r = ldap_search ($ds, LDAP_DN, "proxyaddresses=SMTP:$USER") or die ("Could not search");
            $r = ldap_search ($ds, LDAP_DN, "mail=$USER") or die ("Could not search");
        } else {
            $r = ldap_search ($ds, LDAP_DN, "sAMAccountName=$USER") or die ("Could not search");
        }
        if ($r) {
            $result = ldap_get_entries ($ds, $r) or die ("Could not get entries");
            if ($result[0]) {
                $USER = $result[0]['userprincipalname']['0'];
                if (ldap_bind ($ds, $USER, "$PASS")) {
                    # if (isset ($result[0]['proxyaddresses'])) {
                    # foreach ($result[0]['proxyaddresses'] as $email) {
                    if (isset ($result[0]['mail'])) {
                        foreach ($result[0]['mail'] as $email) {
                            if (substr ($email, 0, 4) == "SMTP") {
                                $email = strtolower (substr ($email, 5));
                                break;
                            }
                        }
                    }
                    $sql = sprintf ("SELECT username from users where username = %s", quote_smart($email));
                    $sth = dbquery ($sql);
                    if (mysql_num_rows ($sth) == 0) {
                        $sql = sprintf ("REPLACE into users (username, fullname, type, password) VALUES (%s, %s,'U',NULL)", quote_smart($email), quote_smart($result[0]['cn'][0]));
                        $sth = dbquery ($sql);
                    }
                    return $email;
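
Added example, not part of rpw's post and not the EFA or MailWatch code: a hardened variant of the ldap_authenticate() lookup shown above. It logs a clear error when php-ldap is missing (the first ldap_* call is otherwise a fatal error), upgrades the port 389 connection with StartTLS, escapes the login name before it goes into the search filter, and checks every bind result. The function name is hypothetical; it assumes the LDAP_* constants from the post, PHP 5.6 or later for ldap_escape(), and a domain controller that has a certificate for StartTLS. The users-table insert is left to the caller.

```php
<?php
// Added example: hardened variant of the posted ldap_authenticate().
// Assumes the LDAP_* constants from conf.php and PHP >= 5.6 (ldap_escape).
function ldap_authenticate_hardened($user, $pass)
{
    // Without php-ldap the first ldap_* call is a fatal error; log and fail instead.
    if (!function_exists('ldap_connect')) {
        error_log('LDAP auth: php-ldap extension is not loaded');
        return null;
    }
    $user = strtolower(trim($user));
    // A bind with an empty password can succeed as an unauthenticated bind, so refuse it.
    if ($user === '' || $pass === '') {
        return null;
    }
    $ds = ldap_connect('ldap://' . LDAP_HOST . ':' . LDAP_PORT);
    if (!$ds) {
        return null;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    // Port 389 is cleartext; upgrade with StartTLS before any password is sent.
    if (!@ldap_start_tls($ds)) {
        error_log('LDAP auth: StartTLS failed: ' . ldap_error($ds));
        return null;
    }
    if (!@ldap_bind($ds, LDAP_USER, LDAP_PASS)) {
        error_log('LDAP auth: service account bind failed: ' . ldap_error($ds));
        return null;
    }
    // Escape the user-supplied value so it cannot change the structure of the filter.
    $attr    = (strpos($user, '@') !== false) ? 'mail' : 'sAMAccountName';
    $filter  = sprintf('(%s=%s)', $attr, ldap_escape($user, '', LDAP_ESCAPE_FILTER));
    $r       = @ldap_search($ds, LDAP_DN, $filter, array('userprincipalname', 'mail', 'cn'));
    $entries = $r ? ldap_get_entries($ds, $r) : false;
    // Require exactly one match; zero or several entries both count as failure.
    if (!$entries || $entries['count'] !== 1 || empty($entries[0]['userprincipalname'][0])) {
        return null;
    }
    // Verify the password by binding as the user that was found.
    if (!@ldap_bind($ds, $entries[0]['userprincipalname'][0], $pass)) {
        return null;
    }
    return isset($entries[0]['mail'][0]) ? strtolower($entries[0]['mail'][0]) : null;
}
```

Running `php -l` on conf.php and functions.php after each edit reports syntax errors before the web interface is reloaded.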
shawniverson
Posts: 3650
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Problem with AD integration

Post by shawniverson »

Replace your # symbols with // and see what happens....
rpw
Posts: 29
Joined: 18 Jul 2014 22:22

Re: Problem with AD integration

Post by rpw »

If you're referring to the functions.php, I did that to indicate a comment as I copied the line before changing it. Was that incorrect?

Thanks.

[edit] - This is a 3.0.0.1 box. I'm in the process of downloading the 3.0.0.4 and will build a new box with that and will try again. Found the link in one of the other posts but cannot download directly from the download page (at least I haven't found where).