I currently do this, but it's not the most-elegant solution. I have a session-based user object. This object holds most of the information I need, regarding a user. One of the attributes is an array of groups.
I get the groups from Active Directory membership, or from other areas of the business. In other words, the groups array contains more than just AD groups. This lets me use the single array for all sorts of authorization. Then, I have a method, as part of the user object, that I pass the name(s) of a group(s). If the user is in, at least, one of those groups, they are allowed access. M!ke -----Original Message----- From: Jillian Koskie [mailto:[EMAIL PROTECTED] Sent: Friday, December 23, 2005 8:37 AM To: CF-Community Subject: CFLDAP - Permission by AD group Good morning... I'm still working on my system for authentication using our Active Directory. I can certainly query for the list of groups that a user is in and grant permission based on the group existing in the list. Has anybody done this in an elegant way? I'm looking for some inspiration. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Purchase Flash MX Pro from House of Fusion, a Macromedia Authorized Affiliate and support the CF community. http://www.houseoffusion.com/banners/view.cfm?bannerid=57 Message: http://www.houseoffusion.com/lists.cfm/link=i:5:189590 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/5 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:5 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
