I'm not sure why you wouldn't be able to take off the OUs...but maybe
there's something above the OUs you can use?

My queries I'm playing with to use AD based authentication look like
this

***first query to connect to ldap and query the username entered***

<CFLDAP NAME="ServConnect"
            SERVER="server"
            PORT="389"
            ACTION="QUERY"
            ATTRIBUTES="samaccountname"
            START="CN=Users,DC=root,DC=domain,DC=com"
            SCOPE="subtree"
            FILTER="samaccountname=#user#"
            USERNAME="[EMAIL PROTECTED]"
            PASSWORD="password">

***then a second query to connect as the user and test password***

<CFLDAP NAME="AuthUser"
            SERVER="server"
            PORT="389"
            ACTION="QUERY"
            ATTRIBUTES="samaccountname"
            START="CN=Users,DC=root,DC=domain,DC=com"
            SCOPE="subtree"
            FILTER="samaccountname=#user#"
            USERNAME="[EMAIL PROTECTED]"
            PASSWORD="#password#">

I don't know if the first query is really needed, but if the first query
fails, you know it's not a valid username, and if the second fails you
know it's not a valid password.

I used this tool to see more into ldap and copied out some of the DN
stuff it found to get my start string

http://www.iit.edu/~gawojar/ldap/



-----Original Message-----
From: Ray Hamann [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 20, 2004 8:17 AM
To: CF-Talk
Subject: Active Directory

I need to use CFLDAP to match a form-submitted username and password to
Active Directory, not knowing what OUs the user may be in. I have to use
a special account to bind to AD with, so the username and password
attributes are already utilized. I can successfully pull back a user's
information using the code below; however, I must know the entire OU
already, as there doesn't seem to be a wildcard search, AND I cannot
filter on username and password.

This works:

<cfldap name="authenticate"
server="myschoolsad.edu"
action="query"
attributes="cn,sn,givenName,mail"
start="OU=department,OU=group,DC=branch,DC=ad,DC=school,DC=edu"
filter="cn=JohnSmith"
sort="sn"
sortcontrol="nocase"
maxrows="100"
username="bindAccountUsername"
password="bindAccountPassword">

However, I cannot drop the OU references from the start or it fails, and
I cannot add a filter like:

(&(cn=#attributes.username#)(Password=#attributes.password

Is anyone doing this, or can anyone offer a possible direction?
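
Added example, not part of either message above: a hardened form of the bind-as-the-user check from the reply. It escapes the form value before it reaches FILTER (RFC 4515) and refuses an empty password, which a directory server may accept as an unauthenticated bind. The function names and the user@root.domain.com bind name are assumptions; the bind account format in the thread is redacted.

```cfml
<!--- Added example; escapeLdapFilter and adAuthenticate are hypothetical names. --->
<cffunction name="escapeLdapFilter" returntype="string" output="false">
    <cfargument name="value" type="string" required="true">
    <!--- RFC 4515: escape the backslash first, then the filter metacharacters --->
    <cfset var s = Replace(arguments.value, "\", "\5c", "all")>
    <cfset s = Replace(s, "*", "\2a", "all")>
    <cfset s = Replace(s, "(", "\28", "all")>
    <cfset s = Replace(s, ")", "\29", "all")>
    <cfreturn s>
</cffunction>

<cffunction name="adAuthenticate" returntype="boolean" output="false">
    <cfargument name="user" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <cfset var AuthUser = "">
    <!--- A simple bind with a name and an empty password is an unauthenticated
          bind (RFC 4513) and may succeed, so reject it before calling CFLDAP.
          Control characters (NUL included) in the username are rejected too. --->
    <cfif Len(Trim(arguments.user)) EQ 0
          OR Len(arguments.password) EQ 0
          OR REFind("[[:cntrl:]]", arguments.user)>
        <cfreturn false>
    </cfif>
    <cftry>
        <!--- Port 389 as in the thread; the password crosses the wire in clear
              text unless LDAPS is used (port 636 with secure="CFSSL_BASIC"). --->
        <cfldap name="AuthUser"
                server="server"
                port="389"
                action="query"
                attributes="samaccountname"
                start="CN=Users,DC=root,DC=domain,DC=com"
                scope="subtree"
                filter="(samaccountname=#escapeLdapFilter(arguments.user)#)"
                username="#arguments.user#@root.domain.com"
                password="#arguments.password#">
        <cfcatch type="any">
            <!--- Failed bind or failed search: treat both as "not authenticated" --->
            <cfreturn false>
        </cfcatch>
    </cftry>
    <!--- Exactly one entry must match; a wildcard can no longer widen the filter --->
    <cfreturn AuthUser.RecordCount EQ 1>
</cffunction>
```

Returning the same false for an unknown username and a wrong password keeps the login form from revealing which accounts exist.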
