then you can use... in Application.cfm to protect pages in that only members of the group should have access to. Works pretty well, even though a little convelutaed. I do this bit after the authetication mechanisim...that some one else wrote. ThreeRavens, try (objectcategory=cn=person,cn=schema,cn=configuration,dc=ad,dc=roseville,dc=k12,d c=mn,dc=us) this will return only people, (objectclass=user) returns user account and computer accounts. [allowsmilie] => 1 [showsignature] => 0 [ipaddress] => [iconid] => 0 [visible] => 1 [attach] => 0 [infraction] => 0 [reportthreadid] => 0 [isusenetpost] => 1 [msgid] => [ref] => [htmlstate] => on_nl2br [postusername] => JoeyTMann [ip] => webforumsuser@m [isdeleted] => 0 [usergroupid] => [membergroupids] => [displaygroupid] => [password] => [passworddate] => [email] => [styleid] => [parentemail] => [homepage] => [icq] => [aim] => [yahoo] => [msn] => [skype] => [showvbcode] => [showbirthday] => [usertitle] => [customtitle] => [joindate] => [daysprune] => [lastvisit] => [lastactivity] => [lastpost] => [lastpostid] => [posts] => [reputation] => [reputationlevelid] => [timezoneoffset] => [pmpopup] => [avatarid] => [avatarrevision] => [profilepicrevision] => [sigpicrevision] => [options] => [akvbghsfs_optionsfield] => [birthday] => [birthday_search] => [maxposts] => [startofweek] => [referrerid] => [languageid] => [emailstamp] => [threadedmode] => [autosubscribe] => [pmtotal] => [pmunread] => [salt] => [ipoints] => [infractions] => [warnings] => [infractiongroupids] => [infractiongroupid] => [adminoptions] => [profilevisits] => [friendcount] => [friendreqcount] => [vmunreadcount] => [vmmoderatedcount] => [socgroupinvitecount] => [socgroupreqcount] => [pcunreadcount] => [pcmoderatedcount] => [gmmoderatedcount] => [assetposthash] => [fbuserid] => [fbjoindate] => [fbname] => [logintype] => [fbaccesstoken] => [newrepcount] => [vbseo_likes_in] => [vbseo_likes_out] => [vbseo_likes_unread] => [temp] => [field1] => [field2] => [field3] => [field4] => [field5] => [subfolders] => [pmfolders] => [buddylist] => [ignorelist] => [signature] => [searchprefs] => [rank] => [icontitle] => [iconpath] => [avatarpath] => [hascustomavatar] => 0 [avatardateline] => [avwidth] => [avheight] => [edit_userid] => [edit_username] => [edit_dateline] => [edit_reason] => [hashistory] => [pagetext_html] => [hasimages] => [signatureparsed] => [sighasimages] => [sigpic] => [sigpicdateline] => [sigpicwidth] => [sigpicheight] => [postcount] => 2 [islastshown] => [isfirstshown] => [attachments] => [allattachments] => ) --> CFLDAP Beginner - Coldfusion - Advanced Techniques

CFLDAP Beginner - Coldfusion - Advanced Techniques

I feel your pain East Side...I keep getting "Inappropriate Authentication" and the focus on the CF error page is on the attribute field. heres the code I am using to test... <cfldap action="query" name="GetUserInfo" start="DC=ds,DC=ad,DC=adp,DC=com" scope="subtree" attributes="givenname" filter="(&(objectclass=user))" server="**myserver**" port="389" username="**mylogin**" password="********"> Ihave changed the attribute to several different attributes with no change in error message: Inappropriate authentication The error occurred in D:\hronline\adtest.cfm: line 12 10 : start="DC=ds,DC=ad,DC=adp,DC=com" 11 : scope="subtree" 12 : attributes="givenname" 13 : filter="(&(objectclass=user))" 14 : server="**myserver**" port="389" Eric...

  1. #1

    Default Re: CFLDAP Beginner

    I feel your pain East Side...I keep getting "Inappropriate Authentication" and
    the focus on the CF error page is on the attribute field. heres the code I am
    using to test...

    <cfldap action="query"
    name="GetUserInfo"
    start="DC=ds,DC=ad,DC=adp,DC=com"
    scope="subtree"
    attributes="givenname"
    filter="(&(objectclass=user))"
    server="**myserver**" port="389"
    username="**mylogin**"
    password="********">

    Ihave changed the attribute to several different attributes with no change in
    error message:

    Inappropriate authentication


    The error occurred in D:\hronline\adtest.cfm: line 12

    10 : start="DC=ds,DC=ad,DC=adp,DC=com"
    11 : scope="subtree"
    12 : attributes="givenname"
    13 : filter="(&(objectclass=user))"
    14 : server="**myserver**" port="389"





    Eric

    ThreeRavens Guest

  2. #2

    Default Re: CFLDAP Beginner

    Eddie, here is what I came up with to find which groups a user belongs to.

    <cfldap
    action="QUERY"
    name="finduser"
    attributes="memberof"
    start="dc=blah,dc=com"
    scope="subtree"
    filter="samaccountname=#session.userid#"
    server="10.10.10.10"
    username="domain\username"
    password="password"
    separator=";">



    <cfset Users = #ValueList(finduser.memberof, ";")#>
    <!--- this shows the number position of the group in the list, returns 0 if
    not in the list--->
    <cfset session.showgroupuser =
    #ListContainsNoCase(Users,"CN=group,cn=users,dc=bl ah,dc=com",";")#>

    then you can use...
    <cfif #session.showSGuser# EQ 0 and #session.showDAUser# EQ 0>
    <cflocation url="/Login/denied.cfm">
    </cfif>
    in Application.cfm to protect pages in that only members of the group should
    have access to. Works pretty well, even though a little convelutaed. I do this
    bit after the authetication mechanisim...that some one else wrote.



    ThreeRavens,
    try
    (objectcategory=cn=person,cn=schema,cn=configurati on,dc=ad,dc=roseville,dc=k12,d
    c=mn,dc=us) this will return only people, (objectclass=user) returns user
    account and computer accounts.

    JoeyTMann Guest

  3. #3

    Default Re: CFLDAP Beginner

    Inappropriate Authentication... I was able to get it to work by
    using:
    username="DOMAIN\login" rather than just username="login"

    Hope that helps.


    On Wed, 2 Nov 2005 19:51:00 +0000 (UTC), "ThreeRavens"
    <com> wrote:
     
    test@test.com Guest

  4. #4

    Default Re: CFLDAP Beginner

    Turned out all I needed to do was add the domain\ to the admin login and it
    bound to the AD server. The problem we are running into now is it won't
    authenticate the password. We think this may be an issue with cfldap passing
    the password in clear text and AD storing it encrypted. LDAP, which we are in
    the process of phasing out in favor of AD, passes it a clear text. Any
    thoughts on this? Essentially what happens I use the tag to find my AD account
    using samaccountname in the filter. It finds it fine. When I add PWD to the
    fliter, it doesn't find anything. Both values are derived from form fields in
    the login.

    Eric

    ThreeRavens Guest

  5. #5

    Default Re: CFLDAP Beginner

    try it with a test account and see if it gets locked out. Are you running W2k3
    AD? If I recall correctly there is a setting so your domain controllers will
    accept clear text passwords, but I don't know how to do that, but I'm sure you
    can google it and find a MS KB on how to do it. But I would make sure that your
    logins are failing before disabling strong passwords.

    JoeyTMann Guest

  6. #6

    Default Re: CFLDAP Beginner

    I did that...it's on Win2003. We are working on a solution with the AD gurus
    at work. Hopefully we can get it squared away on Monday. MS has nothing and
    most of the references come back to the article on MAcromedia's site on CFLDAP
    and AD. One twist to the matter...apparently they had LDAP set up to have
    encrytped pwds as well...keeps life intersting hehehe

    Have a nice weekend everyone!

    Eric

    ThreeRavens Guest

Similar Threads

  1. CFLDAP anyone?
    By Mattastic in forum Coldfusion - Getting Started
    Replies: 3
    Last Post: March 28th, 11:42 PM
  2. cfldap
    By raynman13 in forum Coldfusion - Advanced Techniques
    Replies: 3
    Last Post: October 3rd, 06:13 PM
  3. CFLDAP
    By Mattastic in forum Coldfusion - Getting Started
    Replies: 17
    Last Post: August 4th, 06:26 PM
  4. CFLDAP to ASP
    By jmrak in forum Macromedia ColdFusion
    Replies: 0
    Last Post: June 24th, 03:09 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •