For the record, I found a problem in Step 3 - Create Admin Account.
Writing this because it might help others with similar problems.
Fresh EGw installation, setup page. Both AUTH and ACCOUNTS store are set to AD in the step 2 - Config.
I proceed to step 3 - Create admin account. The step ends up with an “Error creating admin user”. Checking the logs, it seems that the process is not completed because it cannot set the password for the newly generated egw admin (file Accounts/Ads.php line 1447 - “Server is unwilling to perform”).
I checked that the account admin user (specified in step 2 - Config) has full access to the OU (that is set in step 2 - Config) and descendant objects, and it DOES have Reset password privilege, so I see no obvious reason. The password is strong and meets the domain requirements, and the error log doesn’t indicate any problem with the password itself. Might be an effect of some other security policy, I don’t know.
Because of the error, the egw admin account is created but disabled. Thus, login is impossible. I reset the password manually on the AD DC and enable the account.
The groups Admins and Default are also created, but are empty. So I manually add the admin account to them.
However, this doesn’t help so far - the admin can log in now, but has an empty Egroupware with no apps and no options whatsoever.
Looking into admin_account.php, it seems to me (not being a PHP expert, though) that the process of creating the admin user only proceeds to granting EGw application access after SUCCESSFULLY accomplishing all the previous steps.
If this is the case, it is not correct in my opinion - if the groups are created, the access should be granted anyway. If there is a problem with setting password to admin account, it should say it but it shouldn’t prevent from granting access to groups! And it shouldn’t prevent from adding the admin user to these groups either!
I think so because the problems with the admin account can be quite easily resolved on the side of the AD DC. But problems in application access require either tackling the EGw database at a low level, or modifying the PHP code; neither of these are user-friendly steps.