Hoping *someone* can help me with my LDAP question

[msoultan]

Well, I have posted this question practically everywhere yet I have no
answers and even worse, I really don't know where to go next. If there
is someone that could recommend a support path, I would *really*
appreciate it as this is causing big problems for me. Here are the details:

When I run an LDAP query, Coldfusion is asking for a bunch of additional
Java objects. I would hope that someone can help me explain it to my
LDAP admin that it's normal, or at least what they are.

Here's the LDAP query I'm trying to perform:

<cfldap action="query"
name="qCheckUsername"
server="#ldapserver#"
port="389"
attributes="uid"
maxrows="100"
start="cn=People,ou=school,dc=edu"
scope="subtree"
filter="(uid=#someuid#)"
username="uid=#myuserid#,cn=people,ou=school,dc=ed u"
password="#mypassword#">

The problem that I'm having is instead of ColdFusion only asking for
just the UID in the LDAP query, it is also asking for a bunch of other
stuff. Take a look at what iPlanet shows in the logs:

attrs="uid objectClass javaSerializedData javaClassName javaFactory
javaCodebase javaReferenceAddress javaClassNames javaremotelocation"

Any idea why ColdFusion (and/or the java subsystem) is asking for all of
those extra attributes? Know what they are? I really only need the uid.
My LDAP admin is extremely tight and does not want to give access to
those objects because he doesn't know what they are so unfortunately I
can't get any info at all!

So, I just need to figure out what those extra attributes are so then
maybe I can convince him to allow CF to see them. Any help would be
very much appreciated!

Thanks,
Mike

[jorgepino]

what are you tryiing to do?
just to authorized access to the site via ldap?

[Mike Soultanian]

jorgepino wrote:

> what are you tryiing to do?
> just to authorized access to the site via ldap?
>

I'm trying to bind to our ldap server yet coldfusion is asking for too
much information. I'm trying to figure out why it's asking for all
those extra attributes, or figure out what they are, so I can explain to
my admin that they are ok.

[EZH]

I'm not an expert on LDAP, but I've queried it with CF on several
occasions... One thing that caught my eye is what your value is for
the Username. I've used the CFLDAP username/password parameters for
authenticating in a Windows (AD) and Unix (Mail server) environment,
but I've never seen actual LDAP parameters (example: cn,ou,dc) being
used in the values for the username. Usually that's just a simple
username or a "domain\username" combination.

What platform are you querying LDAP on?



On Thu, 23 Jun 2005 16:27:51 +0000 (UTC), "msoultan"
<webforumsuser@macromedia.com> wrote:

>Well, I have posted this question practically everywhere yet I have no
> answers and even worse, I really don't know where to go next. If there
> is someone that could recommend a support path, I would *really*
> appreciate it as this is causing big problems for me. Here are the details:
>
> When I run an LDAP query, Coldfusion is asking for a bunch of additional
> Java objects. I would hope that someone can help me explain it to my
> LDAP admin that it's normal, or at least what they are.
>
> Here's the LDAP query I'm trying to perform:
>
> <cfldap action="query"
> name="qCheckUsername"
> server="#ldapserver#"
> port="389"
> attributes="uid"
> maxrows="100"
> start="cn=People,ou=school,dc=edu"
> scope="subtree"
> filter="(uid=#someuid#)"
> username="uid=#myuserid#,cn=people,ou=school,dc=ed u"
> password="#mypassword#">
>
> The problem that I'm having is instead of ColdFusion only asking for
> just the UID in the LDAP query, it is also asking for a bunch of other
> stuff. Take a look at what iPlanet shows in the logs:
>
> attrs="uid objectClass javaSerializedData javaClassName javaFactory
> javaCodebase javaReferenceAddress javaClassNames javaremotelocation"
>
> Any idea why ColdFusion (and/or the java subsystem) is asking for all of
> those extra attributes? Know what they are? I really only need the uid.
> My LDAP admin is extremely tight and does not want to give access to
> those objects because he doesn't know what they are so unfortunately I
> can't get any info at all!
>
> So, I just need to figure out what those extra attributes are so then
> maybe I can convince him to allow CF to see them. Any help would be
> very much appreciated!
>
> Thanks,
> Mike

[jorgepino]

i tried to keep it simple.
I am using to Ldap just Authenticate

<cftry>
<cfldap action="QUERY"
name="auth"
attributes="name"
start="#ServerDS#"
server="#Serverdomain#"
username="#trim(form.username)#"
password="#trim(form.password)#">

<cfset session.isAuthenticated="yes">
<cfcatch type="ANY">
<cfset session.isAuthenticated="no">
</cfcatch>
</cftry>