That's right, you can pull all of your email users into E.F.A. and authenticate against AD (probably any LDAP server)!
I plan on making this a configuration option in a later release of E.F.A.
For now, follow these steps.
1) Create a user and password (proxy service account) in AD to allow username lookups
2) Configure MailWatch
Edit /var/www/html/mailscanner/conf.php
// LDAP settings
define('USE_LDAP', '1');
define('LDAP_HOST', 'server.example.com');
define('LDAP_PORT', '389');
define('LDAP_DN', 'DC=example,DC=com');
define('LDAP_USER', 'LDAPProxy@example.com');
define('LDAP_PASS', 'secret');
define('LDAP_SITE', 'default-first-site-name');
define('LDAP_EMAIL_FIELD', 'mail');
The following lines are needed in functions.php for this situation.
Before this line (near line 2280 in function ldap_authenticate)
$ds = ldap_connect(LDAP_HOST, LDAP_PORT) or die ("Could not connect to " . LDAP_HOST);
Insert the following two lines immediately BEFORE:
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
yum install php-ldap
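
The connect, lookup and bind sequence that these settings drive, written as an added example that is not from the original post and is not MailWatch's own ldap_authenticate. The function name efa_ldap_check is hypothetical; it assumes logins are matched against LDAP_EMAIL_FIELD, PHP 5.6 or later for ldap_escape, and a domain controller whose certificate the web server trusts for StartTLS. It rejects empty passwords, upgrades the port 389 connection before any password is sent, and escapes the login name in the search filter.

```php
<?php
// Added example: hypothetical helper, not MailWatch's ldap_authenticate().
// Uses the LDAP_* constants defined in conf.php above.
function efa_ldap_check($username, $password)
{
    // AD answers a bind that has a DN but an empty password as an
    // unauthenticated bind, which reports success. Refuse it up front.
    if ($username === '' || $password === '') {
        return false;
    }

    $ds = ldap_connect(LDAP_HOST, LDAP_PORT);
    if ($ds === false) {
        return false;
    }
    // Options are applied to the handle that ldap_connect() returned.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // Port 389 is cleartext: upgrade with StartTLS so neither LDAP_PASS
    // nor the user's password crosses the network unencrypted.
    if (!@ldap_start_tls($ds)) {
        return false;
    }

    // Bind as the proxy service account to look the user up.
    if (!@ldap_bind($ds, LDAP_USER, LDAP_PASS)) {
        return false;
    }

    // Escape the login name so characters such as * ( ) \ cannot
    // change the meaning of the search filter.
    $safe   = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    $filter = '(' . LDAP_EMAIL_FIELD . '=' . $safe . ')';
    $sr = @ldap_search($ds, LDAP_DN, $filter, array(LDAP_EMAIL_FIELD));
    if ($sr === false) {
        return false;
    }
    $entries = ldap_get_entries($ds, $sr);
    if ($entries === false || $entries['count'] !== 1) {
        return false; // no match, or an ambiguous one
    }

    // Re-bind as the user found above to verify the supplied password.
    $ok = @ldap_bind($ds, $entries[0]['dn'], $password);
    ldap_unbind($ds);
    return $ok;
}
```

Since LDAP_PASS sits in conf.php in cleartext, keep that file readable only by the web server account and give the proxy account nothing beyond directory read access.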