efa-project.org


https://forum.efa-project.org/

AD authentication fails after upgrade to 3.0.1.0

https://forum.efa-project.org/viewtopic.php?t=1617

Page 1 of 1

AD authentication fails after upgrade to 3.0.1.0

Posted: 06 May 2016 15:34
by VMguru
All, I was wondering if anyone else was having this problem.

AD integration & authentication was working great in 3.0.0.8 & 3.0.0.9.
After upgrading to 3.0.1.0, no user from AD can authenticate to the MailWatch login page.
Mailwatch fails.jpg
Mailwatch fails.jpg (28.74 KiB) Viewed 5740 times
I've checked all settings, they are still set per all previous AD integration articles; conf.php, functions.php, php-ldap installed, openldap-clients installed, ldpa proxy service account still valid in AD and can login.

I went so far as to edit the /usr/local/bin/mailwatch/tools/Cron_jobs/mailwatch_ldap_sync.sh file with our settings and
re-ran it. That wiped out all the work I had done from consolidating multiple user accounts in the MySQL database.
But, it did re-import all our AD accounts. But still no joy on logins.

The only account that can successfully login, is the built-in Administrator account for EFA.

Any suggestions?

Re: AD authentication fails after upgrade to 3.0.1.0

Posted: 11 May 2016 06:33
by colin
I had the same issue going from 3.0.0.9 to 3.0.1.0
Initially I changed define('USE_LDAP', '1'); to define('USE_LDAP', '0');
Logged in as admin but still couldn't login as a user so I changed the user's password in EFA and could then login.
Then again changed define('USE_LDAP', '0'); to define('USE_LDAP', '1');
Initially I could not login as the user but then I restarted the MailScanner service (may be a red herring)
I can now login again but I am not convinced that the LDAP integration is working as another user could not login until I manually reset their password in EFA.

Re: AD authentication fails after upgrade to 3.0.1.0

Posted: 11 May 2016 06:35
by colin
OK a bit of progress. I changed the code to:
define('USE_LDAP', true);

And a packet capture shows that it is communicating but the return is:

LDAPMessage searchResDone(2) success [0 results]

If I create a new user in Active Directory and assign a mailbox, it fails to login using that user and no user is created in EFA.

Hope this helps.

Re: AD authentication fails after upgrade to 3.0.1.0

Posted: 15 May 2016 10:57
by colin
See viewtopic.php?f=5&t=1605

Re: AD authentication fails after upgrade to 3.0.1.0

Posted: 15 May 2016 16:15
by VMguru
I actually had done what colin mentioned and changed the code to:
define('USE_LDAP', true);

and my AD integration is working again.
As colin pointed out the detailed thread relating to the solution exists here:
viewtopic.php?f=5&t=1605
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited