efa-project.org

Using the steps outlined in the sticky above I attempted to integrate efa into AD. Made the changes as described in the conf.php and in the functions.php files. After the changes to those files it appeared that the rest of the document didn't pertain to what I wanted (basic AD integration). After saving I lost the ability to access mailwatch. Of course I panicked and reverted the changes and go access back.

What went wrong? Does it take some time to populate the users from AD and if I waited would have been able to access mailwatch using my AD credentials?

Thanks. And if I haven't mentioned this before I'm very impressed with the quality of efa.

Richard.

Do I need to rephrase my question?

You have a typo in one or both files

You can watch /var/log/httpd/error_log for clues while you access the site...

Anytime you edit these files, I recommend making a copy of the original so that you can return from whence you came.

Fortunately I did. I do think I found my problem (besides errors in the files). I missed the very last step which was to install php-ldap.

BTW; what errors are you referring to?

Thanks.

[edit] OOPs reread your post. I'll recheck my changes.

Built a new box to test the AD integration with. After following the steps provided I get a page not found when trying to access the mailwatch. I've tried both http and https <IP Address>, same results.

I tried to attach a couple of txt files but the system doesn't allow txt files.

Page not found?

Umm...

1) Is apache running?
2) Is the ip address available, open, and not a duplicate IP on the network?
3) Is /var/www/html/mailscanner present?

1. I believe so but need to know where to check services (location and name).
2. Yes
3. Yes

What's odd is I only lost access to the webpage after I enabled the AD integration. It appears that you lose the ability to login with a local username after the change.

Here is a snippet of the configuration files.
-config.php-

// LDAP settings
define('USE_LDAP', '1');
define('LDAP_HOST', 'walesdc.hoodview.fcu');
define('LDAP_PORT', '389');
define('LDAP_DN', 'DC=hoodview,DC=fcu');
define('LDAP_USER', 'efa@hoodview.fcu');
define('LDAP_PASS', 'hoodview');
define('LDAP_SITE', 'Wales');

-functions.php-

ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

function ldap_authenticate($USER,$PASS) {
$USER = strtolower ($USER);
if ($USER != "" && $PASS != "") {
$ds = ldap_connect (LDAP_HOST,LDAP_PORT) or die ("Could not connect to ".LDAP_HOST);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_bind ($ds, LDAP_USER, LDAP_PASS);
if (strpos ($USER, '@')){
# $r = ldap_search ($ds, LDAP_DN, "proxyaddresses=SMTP:$USER") or die ("Could not search");
$r = ldap_search ($ds, LDAP_DN, "mail=$USER") or die ("Could not search");
} else {
$r = ldap_search ($ds, LDAP_DN, "sAMAccountName=$USER") or die ("Could not search");
}
if ($r) {
$result = ldap_get_entries ($ds, $r) or die ("Could not get entries");
if ($result[0]) {
$USER = $result[0]['userprincipalname']['0'];
if (ldap_bind ($ds, $USER, "$PASS")) {
# if (isset ($result[0]['proxyaddresses'])) {
# foreach ($result[0]['proxyaddresses'] as $email) {
if (isset ($result[0]['mail'])) {
foreach ($result[0]['mail'] as $email) {
if (substr ($email, 0, 4) == "SMTP") {
$email = strtolower (substr ($email, 5));
break;
}
}
}
$sql = sprintf ("SELECT username from users where username = %s", quote_smart($email));
$sth = dbquery ($sql);
if (mysql_num_rows ($sth) == 0) {
$sql = sprintf ("REPLACE into users (username, fullname, type, password) VALUES (%s, %s,'U',NULL)", quote_smart($email), quote_smart($result[0]['cn'][0]));
$sth = dbquery ($sql);
}
return $email;

Replace your # symbols with // and see what happens....

If your referring to the functions.php I did that to indicate a comment as I copied the line before changing it. Was that incorrect?

Thanks.

[edit] - This is a 3.0.0.1 box. I'm in the process of downloading the 3.0.0.4 and will build a new box with that and will try again. Found the link in one of the other posts but cannot download directly from the download page (at least I haven't found where).