Re: Enumerating AD Group Membership

Thu, 19 Jun 2008 06:09:19 -0700 

So, are you looking for something like this?
<cfldap action="QUERY"
                name="potentialusers"
                
attributes="member,cn,dn,mail,uid,mailNickname,userPrincipalName,sAMAccountName"
                start="Your start OU"
                filter="(&(objectCategory=Person)(memberOf=#arguments.group#))"
                
                server="#arguments.server"
                username="#arguments.username#"
                password="#arguments.password#"
                separator=";">  

Where what you'd pass in the arguments.group would be something like:

CN=YOURCN,ou=groups,ou=ou1,ou=ou2,dc=dc1,dc=dc2 <---- basically just
showing that you'd be looking in a "groups" ou here.

I do the above, passing in the users credentials. If it returns a
query, it'll return all the users in the group. Now, the user that you
passed in may not actually be part of the group, depending on their
authentication privs, so you still need to do a query of query to make
sure that the passed in user is in the returned users. Make sense? For
us, the userPrincipalName is the field that needs to match the
username as typed in.



On Wed, Jun 18, 2008 at 11:55 AM, William Bowen <[EMAIL PROTECTED]> wrote:
> I need to authenticate our external site against a new AD that has been set 
> up.
>
> I'm cool with the LDAP connection stuff, and can get the
> PrimaryGroupID without a problem.
>
> My stumbling block is translating that ID number into "Domain Users"
> (or whatever) group.
>
> Are there any CF scripts, etc that I can use for this, or will i need
> to dust off the ol'ASP or VBScript books?
>
> Thanks
>
> :-)
> --
> will
>
> "If my life weren't funny, it would just be true;
> and that would just be unacceptable."
> - Carrie Fisher
>
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;203748912;27390454;j

Archive: 
http://www.houseoffusion.com/groups/CF-Community/message.cfm/messageid:262223
Subscription: http://www.houseoffusion.com/groups/CF-Community/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5

Reply via email to