I'm not sure why you wouldn't be able to take off the OUs...but maybe
there's something above the OUs you can use?

My queries I'm playing with to use AD-based authentication look like
this:

***first query to connect to ldap and query the username entered***

<CFLDAP NAME="ServConnect"
      SERVER="server"
      PORT="389"
      ACTION="QUERY"
      ATTRIBUTES="samaccountname"
      START="CN=Users,DC=root,DC=domain,DC=com"
      SCOPE="subtree"
      FILTER="samaccountname=#user#"
      USERNAME="[EMAIL PROTECTED]"
      PASSWORD="password">

***then a second query to connect as the user and test password***

<CFLDAP NAME="AuthUser"
      SERVER="server"
      PORT="389"
      ACTION="QUERY"
      ATTRIBUTES="samaccountname"
      START="CN=Users,DC=root,DC=domain,DC=com"
      SCOPE="subtree"
      FILTER="samaccountname=#user#"
      USERNAME="[EMAIL PROTECTED]"
      PASSWORD="#password#">

I don't know if the first query is really needed, but if the first query
fails, you know it's not a valid username, and if the second fails you
know it's not a valid password.

I used this tool to see more into LDAP and copied out some of the DN
stuff it found to get my start string:

http://www.iit.edu/~gawojar/ldap/
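
The two-step lookup-then-bind flow from the message above, as an added example that is not part of the original post: it escapes the user-supplied name before it reaches the LDAP filter (the four printable metacharacters of RFC 4515) and refuses an empty password before attempting the bind. The names form.user, form.password, svcUser, svcPass and ldapEscapeFilter are assumptions for illustration; the server, port and start DN are the ones shown in the post.

```cfml
<!--- Added example. ldapEscapeFilter, svcUser and svcPass are hypothetical names. --->
<cffunction name="ldapEscapeFilter" returntype="string" output="false">
    <cfargument name="value" type="string" required="true">
    <cfset var v = arguments.value>
    <!--- Escape the backslash first so the escapes added below are not re-escaped --->
    <cfset v = replace(v, "\", "\5c", "all")>
    <cfset v = replace(v, "*", "\2a", "all")>
    <cfset v = replace(v, "(", "\28", "all")>
    <cfset v = replace(v, ")", "\29", "all")>
    <cfreturn v>
</cffunction>

<cfset authenticated = false>

<!--- A simple bind with a name but an empty password is an "unauthenticated
      bind" (RFC 4513) that a directory may accept, so reject it up front. --->
<cfif len(trim(form.user)) and len(form.password)>
    <cftry>
        <!--- Step 1: find the account with the service credentials --->
        <cfldap name="FindUser" action="query" server="server" port="389"
                attributes="dn,samaccountname"
                start="CN=Users,DC=root,DC=domain,DC=com" scope="subtree"
                filter="(samaccountname=#ldapEscapeFilter(form.user)#)"
                username="#svcUser#" password="#svcPass#">

        <!--- Require exactly one match; a wildcard-style match of several
              accounts must never reach the bind step. --->
        <cfif FindUser.recordCount eq 1>
            <!--- Step 2: bind as the DN the directory returned and read only
                  that entry; the bind succeeds only with the right password --->
            <cfldap name="AuthUser" action="query" server="server" port="389"
                    attributes="samaccountname"
                    start="#FindUser.dn#" scope="base"
                    filter="(objectClass=*)"
                    username="#FindUser.dn#" password="#form.password#">
            <cfset authenticated = (AuthUser.recordCount eq 1)>
        </cfif>

        <!--- A failed bind raises an exception; treat any error as "not authenticated" --->
        <cfcatch type="any">
            <cfset authenticated = false>
        </cfcatch>
    </cftry>
</cfif>
```

With port 389 as in the post, the bind password crosses the network in cleartext; cfldap's secure="CFSSL_BASIC" attribute together with the directory's LDAPS port is the encrypted alternative.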