That’s right, you can pull all of your email users into E.F.A. and authenticate against AD (probably any LDAP server)!
I plan on making this a configuration option in a later release of E.F.A.
For now, follow these steps.
1) Create a user and password (proxy service account) in AD to allow username lookups
2) Configure Mailwatch
Edit /var/www/html/mailscanner/conf.php
// LDAP settings
define('USE_LDAP', '1');
define('LDAP_HOST', 'server.example.com');
define('LDAP_PORT', '389');
define('LDAP_DN', 'DC=example,DC=com');
define('LDAP_USER', 'LDAPProxy@example.com');
define('LDAP_PASS', 'secret');
define('LDAP_SITE', 'default-first-site-name');
Further down in the same file…change ‘proxyaddresses’ to ‘mail’ depending on your LDAP implementation.
define('LDAP_EMAIL_FIELD', 'mail');
3) Add the following two lines (AD) to Mailwatch functions.php if using the root of the domain for username lookups
The following lines are needed in functions.php for this situation.
Find this line (near line 2280, in function ldap_authenticate):
$ds = ldap_connect(LDAP_HOST, LDAP_PORT) or die ("Could not connect to " . LDAP_HOST);
Insert the following two lines immediately BEFORE it:
4) Install php-ldap
yum install php-ldap
That’s it. Enjoy!
Thanks to shawniverson on the EFA forums for this information.
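A quick audit of the LDAP settings written to conf.php in the Mailwatch configuration step, as an added example that is not part of the original post or of MailWatch/E.F.A. code: it flags the cleartext LDAP port, an empty or placeholder LDAP_PASS, and a world-readable conf.php. The function names are hypothetical; the define() keys are the ones shown above.

```shell
#!/bin/sh
# Added example (not MailWatch or E.F.A. code): audit the LDAP block of conf.php.
# Function names are hypothetical; the define() keys come from the post above.

# Print the value of define('KEY', 'value'); for KEY=$2 in file $1 (last one wins).
conf_get() {
    sed -n "s/^[[:space:]]*define('$2',[[:space:]]*'\(.*\)');.*/\1/p" "$1" | tail -n 1
}

# Print one WARN line per finding for the conf.php given as $1.
audit_ldap_conf() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "ERROR: cannot read $conf"
        return 2
    fi
    if [ "$(conf_get "$conf" USE_LDAP)" != "1" ]; then
        echo "INFO: USE_LDAP is not 1, nothing to check"
        return 0
    fi
    # Port 389 is cleartext LDAP unless the client upgrades with StartTLS.
    if [ "$(conf_get "$conf" LDAP_PORT)" = "389" ]; then
        echo "WARN: LDAP_PORT is 389; confirm binds use StartTLS or switch to LDAPS"
    fi
    # An empty or placeholder password means the proxy account was never set up.
    pass=$(conf_get "$conf" LDAP_PASS)
    if [ -z "$pass" ] || [ "$pass" = "secret" ]; then
        echo "WARN: LDAP_PASS is empty or still the placeholder value"
    fi
    # conf.php holds the bind password in cleartext; other local users must not read it.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "WARN: $conf is world-readable; restrict it to the web server user"
    fi
    return 0
}

# Count the WARN lines for a file; convenient for scripts and cron checks.
count_ldap_warnings() {
    audit_ldap_conf "$1" | grep -c '^WARN' || true
}

# Run against a file when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_ldap_conf "$1"
fi
```

Run it as `sh check_ldap_conf.sh /var/www/html/mailscanner/conf.php` (the script file name is an assumption) after editing the file.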