EGroupware with Active Directory Authentication

Mr. Sonnie Ardhianto
Dec 21, 2023

Background
This article was written on 20-Dec-23.
Like many organizations, my company is using Active Directory. If I ask users to use a different set of credentials, they will look at me in despair, as if to say, “Why are you doing this to me?”
So when evaluating EGroupware, I had to set up Active Directory authentication.

Precautions
There is no precaution that I know of.

Prerequisites
EGroupware installed.
Active Directory running.

Process
I set up EGroupware on Debian, following the tutorial below:
https://help.egroupware.org/t/my-installation-of-egroupware-19-1-on-debian-10/73996#Done!
However, I am doing it on Proxmox, using a Debian 12 Linux container (LXC) image and EGroupware Community Edition version 23.1.

Find passwords
After a successful installation, find the admin and sysop passwords in:
/var/lib/egroupware/egroupware-docker-install.log

egroupware install log

You should see something like this:

admin and sysop passwords
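
Since this log keeps the admin and sysop passwords in plain text, it is worth checking who can read it. The shell functions below are an added example, not part of the original article or of the EGroupware installer; the function names are made up for illustration, and GNU `stat` (as shipped on Debian) is assumed.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on the install log that holds
# the admin and sysop passwords. The path is the one given in the article.
LOG_DEFAULT=/var/lib/egroupware/egroupware-docker-install.log

# Print the octal mode of a file, e.g. 644 (GNU stat syntax, assumed).
file_mode() {
    stat -c '%a' "$1"
}

# Return 0 if only the owner has any access, 1 if group or others have any
# permission bit set, 2 if the file does not exist or cannot be inspected.
secret_file_is_private() {
    [ -f "$1" ] || return 2
    mode=$(file_mode "$1") || return 2
    # Leading 0 makes the shell read the mode as octal; 077 masks group/other bits.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Restrict the file to read/write for its owner only.
harden_secret_file() {
    [ -f "$1" ] || return 2
    chmod 600 "$1"
}

# Report the state of the log (default path, or the path given as $1).
audit_install_log() {
    f=${1:-$LOG_DEFAULT}
    rc=0
    secret_file_is_private "$f" || rc=$?
    case $rc in
        0) echo "OK: $f is owner-only (mode $(file_mode "$f"))" ;;
        1) echo "WARN: $f is accessible to group/others (mode $(file_mode "$f"))" ;;
        *) echo "SKIP: $f not found" ;;
    esac
    return "$rc"
}
```

Source the file as root and run `audit_install_log`; if it reports WARN, run `harden_secret_file /var/lib/egroupware/egroupware-docker-install.log`.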

Configuring eGroupware authentication
Next, you need to log in to the EGroupware setup page at:
http://[servername/IP]/egroupware/setup

Login to egroupware setup page

Supply the admin user password found above, log in, and select edit current configuration.

edit egroupware configuration

EGroupware offers various authentication methods, but we want to use Active Directory only.

  • Additional info: we have to define the local host with the server name/IP, because EGroupware is installed in Docker and has its own (Docker) internal IP.
Supply server name or IP as host name
egroupware AD authentication configuration
  • Change the authentication type from SQL to Active Directory.
  • Fallback authentication: set to enable, to allow the sysop login (which is not an AD user).
  • User account store: SQL, because I want to manage EGroupware user/directory settings in EGroupware, not in AD.
  • auto create account for authentication: set to yes, so EGroupware will have its own user record.
  • auto created user accounts expire: once you are in production, set it to disable.
  • add auto created users to this group: I suggest that you create your own EGroupware user group and add your authenticated users automatically to this group. This is because permissions can be based on user groups, and you want to set default functionality.
  • if no acl records: set to grant; this is to check that AD authentication is working.

Once done, restart the server (I could not remember the service name).

Create egroupware user groups
Once the server is up, open your EGroupware and log in as sysop.

Login using sysop

Right click on the user groups and select add group.

Add group in egroupware

For now, ignore adding members, as they will be added automatically at successful login/authentication.
Most importantly, select the applications that your group can access.

Select application for group access

Next, try logging in with an existing Active Directory user. You should be able to log in and see the applications assigned to the user group above.

Good luck, you can comment below if you have further questions.
