Karen,
We use a custom tag for dealing with groups. I didn't write it and I don't
know where it came from. It predates me. (And, eesh, it uses
"parameterexists()".)  But this is the call to it (fill in the XXX with
your appropriate info):

<!--- Example call to the cf_ldap_group custom tag. The bind uid and password are
      read from the request scope rather than written at the call site. --->
<!--- NOTE(review): action is empty in this listing, while the tag only acts on
      ADD and REMOVE; the value was presumably lost when the message was
      archived. Supply one of the two. --->
<!--- NOTE(review): user_id is placed inside an LDAP search filter by the tag;
      confirm newid is validated or filter-escaped before it is passed here. --->
<cf_ldap_group
   server="#request.ldapserver#"
   username="uid=#request.ldapusername#,ou=XXX,ou=XXX,ou=XXX,o=XXX"
   password="#request.ldappassword#"
   group_dn="#group_dn#"
   base_dn="ou=XXX,ou=XXX,ou=XXX,o=XXX"
   user_id="#newid#"
   action="">
And here's the tag:

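<!--- Placeholder result handed back to the caller; the branches further down
      overwrite it with a specific code and message. --->
<cfset caller.ldap_result = "-5">
<cfset caller.ldap_result_string = "No Error Assigned for this number">
<!--- PORT is optional and defaults to 389. --->
<cfparam name="attributes.port" default="389">
<!--- Required attributes: server, username, password, group_dn, action, base_dn,
      plus one of user_dn / user_id. IsDefined() replaces the deprecated
      ParameterExists(). When anything is missing, print the usage text and
      abort the request. --->
<!--- NOTE(review): the usage text is kept exactly as found; its USER_ID and
      ACTION lines look damaged in this copy. --->
<cfif NOT ( IsDefined("attributes.server")
  AND IsDefined("attributes.username")
  AND IsDefined("attributes.password")
  AND IsDefined("attributes.group_dn")
  AND IsDefined("attributes.action")
  AND IsDefined("attributes.base_dn")
  AND ( IsDefined("attributes.user_dn")
   OR   IsDefined("attributes.user_id") ) )>
  Required Parameters are missing<br>
  <br>
  Tag Parameters are as follows
  <pre>

&lt;CF_LDAP_GROUP
  SERVER="ldap.yourcompany.com"
  USERNAME="cn=Directory Manager etc"
  PASSWORD="****"
  PORT="389"  ** Optional defaults to 389...
  GROUP_DN="DN"
  USER_DN = "DN"
  <i>OR</i> USER_ID="USER_ID="Multiple Comma seperated UID's""
  BASE_DN="base_dn for ldap search"
  ACTION="">   DEBUG="YES"&gt;</pre>
  <CFABORT>
</cfif>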
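<!--- Accept only the two supported actions. ListFindNoCase() compares whole list
      elements, so an empty value or a fragment such as "D" is rejected with
      result -4; a substring test against "ADD,REMOVE" would let fragments
      through and the tag would then do nothing while reporting no error. --->
<cfif ListFindNoCase("ADD,REMOVE", attributes.ACTION) is 0>
  <cfset caller.ldap_result = "-4">
  <cfset caller.ldap_result_string = "Unsupported action">
  <cfexit>
</cfif>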
<!--- Check that the group exists: look up the entry at GROUP_DN, binding with
      the caller-supplied USERNAME and PASSWORD. --->
<!--- NOTE(review): ACTION is empty and closes the tag early in this listing,
      leaving ATTRIBUTES, SCOPE and START outside it. The value was presumably
      stripped when the message was archived (a lookup whose recordcount is
      read would be a QUERY); restore it before using this code. --->
<!--- NOTE(review): no SECURE attribute is visible on this or the later CFLDAP
      calls, so the bind DN and password would presumably cross the network
      unencrypted on port 389. Consider CFLDAP's SECURE attribute
      (CFSSL_BASIC) against the directory's LDAPS port. --->
<CFLDAP Name="check_group"
SERVER="#ATTRIBUTES.SERVER#"
USERNAME="#ATTRIBUTES.USERNAME#"
PASSWORD="#ATTRIBUTES.PASSWORD#"
PORT="#attributes.port#"
ACTION=""> ATTRIBUTES="dn,cn,uid,uniquemember"
SCOPE="SUBTREE"
START="#ATTRIBUTES.GROUP_DN#">
<!--- Anything other than exactly one matching entry is treated as a failure. --->
<cfif check_group.recordcount is not 1>
  <!--- NOTE(review): this prints the diagnostic and aborts when DEBUG is
        absent, whereas the user-lookup failure path prints when DEBUG is
        present; one of the two is presumably inverted. group_dn is also
        written to the page without HTML encoding. --->
  <cfif ParameterExists(attributes.debug) is "no" >
    <cfoutput> An Error Occurred Retrieving Group
"#attributes.group_dn#"<br>
      #check_group.recordcount# Records where retrieved.<br>
    </cfoutput>
    <cfabort>
  </cfif>
  <!--- Result -1: group not found; leave the tag and return to the caller. --->
  <cfset caller.ldap_result = "-1">
  <cfset caller.ldap_result_string = "Group Not Found">
  <cfexit>
</cfif>
<!--- Check that the user(s) exist and collect their DNs in target_dn --->
<!--- USER_ID mode: resolve each comma-separated uid to a DN under BASE_DN. --->
<cfif ParameterExists(attributes.user_Id)>
  <cfset target_dn = "">
  <cfset count = Listlen(attributes.user_Id)>
  <!--- NOTE(review): an empty USER_ID list would presumably skip the loop and
        leave check_user undefined for the recordcount check that follows;
        confirm callers never pass one. --->
  <cfloop from="1" to="#count#" index="users">
    <cfset this_user=Listgetat(attributes.user_id,users)>
    <!--- NOTE(review): this_user goes into the search filter as-is. LDAP filter
          metacharacters ( * ( ) \ and NUL ) in a uid would change what the
          filter matches; validate the uid against the expected character set
          or escape it per RFC 4515 before this call. --->
    <!--- NOTE(review): ACTION is empty here too and closes the tag early in this
          listing; presumably a QUERY whose value was stripped in transit. --->
    <CFLDAP Name="check_user"
    SERVER="#ATTRIBUTES.SERVER#"
    USERNAME="#ATTRIBUTES.USERNAME#"
    PASSWORD="#ATTRIBUTES.PASSWORD#"
    PORT="#attributes.port#"
    ACTION="">     ATTRIBUTES="dn,cn,uid,uniquemember"
    SCOPE="SUBTREE"
    FILTER="(uid=#this_USER#)"
    START="#attributes.base_dn#">
    <cfif check_user.recordcount is not 1>
      <!--- No unique match: stop looping so the recordcount check after this
            block reports the failing uid held in this_user --->
      <cfbreak>
    </cfif>
    <!--- Prepend the DN (with ", " collapsed to ",") to a semicolon-delimited list --->
  <cfset target_dn = #Replace(check_user.dn, ", ", ",", "ALL")# & ";" &
target_dn>
<!--- reck    <cfset target_dn = "#Replace(check_user.dn, ",", ",,",
"ALL")#;#target_dn#"> --->
  </cfloop>
  <cfelse>
  <!--- USER_DN mode: first search under BASE_DN for an entry matching the first
        comma-separated component of the DN --->
  <!--- NOTE(review): the component is wrapped in parentheses and used as the
        filter without escaping; the same RFC 4515 concern applies. --->
  <cfset filter="(#listfirst(attributes.user_dn)#)">
  <CFLDAP Name="check_user"
   SERVER="#ATTRIBUTES.SERVER#"
   USERNAME="#ATTRIBUTES.USERNAME#"
   PASSWORD="#ATTRIBUTES.PASSWORD#"
   PORT="#attributes.port#"
   ACTION="">    ATTRIBUTES="dn,cn,uid"
   SCOPE="SUBTREE"
   FILTER="#filter#"
   START="#attributes.base_dn#">
<!--- if the first part of the dn returns a match,
  the whole is likely to exist --->
  <cfif check_user.recordcount is not 0>
    <!--- Second lookup starts at USER_DN itself and overwrites check_user --->
    <CFLDAP Name="check_user"
   SERVER="#ATTRIBUTES.SERVER#"
   USERNAME="#ATTRIBUTES.USERNAME#"
   PASSWORD="#ATTRIBUTES.PASSWORD#"
   PORT="#attributes.port#"
   ACTION="">    ATTRIBUTES="dn,cn,uid"
   SCOPE="SUBTREE"
   START="#ATTRIBUTES.USER_DN#">
    <cfif check_user.recordcount is not 0>
      <!--- If this is successful, use the returned DN as target_dn --->
    <cfset target_dn = check_user.dn>
<!--- reck      <cfset target_dn = "#Replace(check_user.dn, ",", ",,",
"ALL")#"> --->
    </CFIF>
    <!--- count feeds the success message; here it is the second lookup's row count --->
    <cfset count=check_user.recordcount>
  </cfif>
</cfif>
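<!--- Failure path for the user lookup: anything other than exactly one match on
      the most recent check_user query ends the tag with result -2.
      IsDefined() replaces the deprecated ParameterExists(). --->
<cfif check_user.recordcount is not 1>
  <!--- In USER_DN mode this_user was never assigned; use the DN in the messages. --->
  <cfif NOT IsDefined("attributes.user_id")>
    <cfset this_user=attributes.user_dn>
  </cfif>
  <!--- With DEBUG supplied, report on the page and abort the whole request. --->
  <!--- NOTE(review): this_user is written to the page, and into the result
        string below, without HTML encoding. Confirm it never carries request
        input, or encode it before display. --->
  <cfif IsDefined("attributes.debug")>
    <cfoutput> Error Looking for User "#this_user#"<br>
      #check_user.recordcount# Records where retrieved.<br>
    </cfoutput>
    <cfabort>
  </cfif>
  <cfset caller.ldap_result = "-2">
  <cfset caller.ldap_result_string = "User '#this_user#' Not Found">
  <cfexit>
</cfif>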
<!--- Double Escape comma's to get round CF using comma's as delimiters,

  Also then un-escape the comma's between DN's based on

  the last attribute of the DN Pairs --->
<!--- reck
<CFSET norm_members= Replace(check_group.uniquemember, ",", ",,", "ALL")>

<CFSET base_dn= Replace(attributes.base_dn, ",", ",,", "ALL")>
--->
<!--- Re-delimit the group's uniquemember value: each occurrence of base_dn
      followed by the separator text becomes base_dn followed by "$", so "$"
      separates the member DNs from here on. --->
<!--- NOTE(review): the search string is split across two lines in this listing
      (comma, then a line break); presumably mail wrapping of "base_dn, ".
      Confirm against a working copy. This also assumes every member DN ends
      in base_dn. --->
<CFSET members=
ReplaceNoCase(check_group.uniquemember,"#attributes.base_dn#,
","#attributes.base_dn#$","ALL")>
<!--- update becomes 1 once the member string has actually been changed --->
<cfset update = 0>
<!--- Add or remove each target DN in the member string --->

<!--- NOTE(review): membership is decided with a substring search, so a DN that
      is a trailing part of another member's DN (uid=bob,... inside
      uid=jimbob,...) counts as already present, and REMOVE would cut text out
      of that other entry. FindNoCase ignores case while Replace does not, so a
      case-only difference sets update = 1 without removing anything. Comparing
      whole "$"-delimited elements would avoid both. --->
<cfloop list="#target_dn#" delimiters=";" index="user">
  <cfif FindNoCase(user,members) is 0>
    <cfif attributes.action is "add">
      <!--- Tack new DN on at the end of the group --->
      <CFSET members = "#members#$#user#">
      <cfset update = 1>
      <cfelseif attributes.action is "REMOVE">
      <!--- User DN is not in the group: return result -3 and leave the tag --->
      <cfset caller.ldap_result = "-3">
      <cfset caller.ldap_result_string = "User '#user#' was not found in
group">
      <cfexit>
    </cfif>
    <cfelseif attributes.action is "REMOVE">
    <!--- Replace the DN with nothing to REMOVE it --->
    <CFSET members = "#Replace(members,"#user#,","","ONE")#">
    <!--- Just In Case the DN to be deleted is the last in the list --->
    <CFSET members = "#Replace(members,"#user#","","ONE")#">
    <cfset update = 1>
  </cfif>
  <br>
</cfloop>
<br>
<!--- Write the new member string back to the group only when it changed, then
      report the outcome through caller.ldap_result / ldap_result_string. --->
<cfif update is "1">
  <cfif check_group.uniquemember is "">
    <!--- The group had no members, so the string built by the ADD branch starts
          with "$"; drop that first character. --->
    <CFSET Members = Mid(Members, 2, Len(Members)-1)>

    <!--- If the group is empty ( ie no DN's in unique member --->
    <!--- NOTE(review): ACTION is empty and closes the tag early in this listing,
          and this call is otherwise identical to the one in the else branch.
          The original values were presumably stripped in transit; restore them
          before use. --->
    <CFLDAP SERVER="#ATTRIBUTES.SERVER#"
    USERNAME="#ATTRIBUTES.USERNAME#"
    PASSWORD="#ATTRIBUTES.PASSWORD#"
    PORT="#attributes.port#"
    ACTION="">     ATTRIBUTES="uniquemember=#members#"
    separator="$"
          DN="#attributes.group_dn#">
    <cfelse>
    <!--- Modify LDAP group by replacing member string with new one --->
    <!--- NOTE(review): the whole uniquemember value is rewritten from the copy
          read earlier, so a membership change made by anyone else between the
          read and this write would presumably be lost. --->

    <CFLDAP SERVER="#ATTRIBUTES.SERVER#"
    USERNAME="#ATTRIBUTES.USERNAME#"
    PASSWORD="#ATTRIBUTES.PASSWORD#"
    PORT="#attributes.port#"
    ACTION="">     ATTRIBUTES="uniquemember=#members#"
    separator="$"
          DN="#attributes.group_dn#">
  </cfif>
  <!--- Result 1: the member string was written. No outcome of the write itself
        is checked in this block. --->
  <cfset caller.ldap_result = "1">
  <cfset caller.ldap_result_string =

  "Succesful #attributes.action# Operation of #count# User(s)">
  <cfelse>
  <!--- Result 0: nothing changed; every target DN was already found in the member string --->
  <cfset caller.ldap_result = "0">
  <cfset caller.ldap_result_string = "User Already Exists in target Group">
</cfif>