How to integrate E.F.A with Active Directory on


That’s right, you can pull all of your email users into E.F.A. and authenticate against AD (probably any LDAP server)!

I plan on making this a configuration option in a later release of E.F.A.

For now, follow these steps.

1) Create a user and password (proxy service account) in AD to allow username lookups

2) Configure Mailwatch

Edit /var/www/html/mailscanner/conf.php

    // LDAP settings
    define('USE_LDAP',                 '1');
    define('LDAP_HOST',      '');
    define('LDAP_PORT',      '389');
    define('LDAP_DN',        'DC=example,DC=com');
    define('LDAP_USER',      '');
    define('LDAP_PASS',      'secret');
    define('LDAP_SITE',      'default-first-site-name');

Further down in the same file…change ‘proxyaddresses’ to ‘mail’ depending on your LDAP implementation.

define('LDAP_EMAIL_FIELD', 'mail');

2) Add the following two lines (AD) to Mailwatch functions.php if using root of domain for username lookups

The following lines are needed in functions.php for this situation

Before this line (near line 2280 in function ldap_authenticate)

$ds = ldap_connect(LDAP_HOST, LDAP_PORT) or die (“Could not connect to ” . LDAP_HOST);

Insert the following two lines immediately BEFORE:

ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

3) Install php-ldap

yum install php-ldap

That’s it. Enjoy!


thanks to shawniverson on the EFA forums fo rthis information