I would like to add that, for Windows 200x domain controllers, the
two-step process is not necessary.  You can pass the user's username and
password to the CFLDAP query; if it works, you are set, and if not, the
username/password combination was wrong to start with.

Windows allows all domain users to query the Active Directory, by
default.

M!ke 
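The single-bind variant M!ke describes for an Active Directory domain controller, as an added example that is not code from either poster: the user's own credentials perform the bind over LDAPS and the search confirms which account authenticated. The server name, NetBIOS domain and base DN are hypothetical placeholders, and an empty password is refused before binding because directories commonly treat a name with no password as an anonymous bind that "succeeds".

```cfml
<cfcomponent>
    <!--- Escape RFC 4515 filter metacharacters so the submitted name cannot alter the filter; backslash first --->
    <cffunction name="escapeFilterValue" access="private" returntype="string" output="false">
        <cfargument name="value" type="string" required="true">
        <cfset var s = Replace(arguments.value, "\", "\5c", "all")>
        <cfset s = Replace(s, "*", "\2a", "all")>
        <cfset s = Replace(s, "(", "\28", "all")>
        <cfset s = Replace(s, ")", "\29", "all")>
        <cfset s = Replace(s, Chr(0), "\00", "all")>
        <cfreturn s>
    </cffunction>
    <cffunction name="authenticate" access="public" returntype="struct" output="false">
        <cfargument name="username" type="string" required="true">
        <cfargument name="password" type="string" required="true">
        <cfset var result = StructNew()>
        <!--- Hypothetical directory settings; substitute your own domain's values --->
        <cfset var ldapServer = "dc1.example.internal">
        <cfset var netbiosDomain = "EXAMPLE">
        <cfset var baseDN = "DC=example,DC=internal">
        <cfset result.authenticated = false>
        <!--- Never send an empty password: a DN with no password is an anonymous bind and reports success --->
        <cfif NOT Len(Trim(arguments.username)) OR NOT Len(arguments.password)>
            <cfreturn result>
        </cfif>
        <cftry>
            <!--- One round trip: the bind is the credential check, the search confirms the account; LDAPS keeps the password off the wire in clear text --->
            <cfldap action="query"
                    name="adUser"
                    server="#ldapServer#"
                    port="636"
                    secure="CFSSL_BASIC"
                    username="#netbiosDomain#\#arguments.username#"
                    password="#arguments.password#"
                    start="#baseDN#"
                    scope="subtree"
                    filter="(&(objectClass=user)(sAMAccountName=#escapeFilterValue(arguments.username)#))"
                    attributes="mail">
            <cfif adUser.recordCount EQ 1>
                <cfset result.authenticated = true>
                <cfset result.mail = adUser.mail>
            </cfif>
            <cfcatch type="any">
                <!--- Bind rejected (bad password, disabled or locked account) or server unreachable: not authenticated --->
                <cfset result.authenticated = false>
            </cfcatch>
        </cftry>
        <cfreturn result>
    </cffunction>
</cfcomponent>
```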

-----Original Message-----
From: Rebecca Wells [mailto:[EMAIL PROTECTED] 
Sent: Friday, January 28, 2005 11:40 AM
To: CF-Talk
Subject: Re: LDAP question

Here is the CFC I use to authenticate users. Notice that there are 2
LDAP queries, first to see if the user exists, then using the returned
username and form.password to return their info. This is from the
example given on page 369 of the book "Developing ColdFusion MX
Applications with CFML".

<!---
NOTE: for this to work, this code needs to be in a MX accessible web
root. The variables companyName and serverIP must be defined in the
component's Variables scope before authenticate is called.

USAGE: <cfinvoke 
                component="security" 
                method="authenticate" 
                returnVariable="authenticated" 
                cfcUsername="#form.username#" 
                cfcPassword="#form.password#"
           >
--->

<cfcomponent>
        <cffunction access="public" name="authenticate" output="false" returntype="struct">
        <!--- security authentication function --->
                
        <!--- username and password required --->
        <cfargument name="cfcUsername" type="string" required="true"/>
        <cfargument name="cfcPassword" type="string" required="true"/>

        <!--- Function-local variables; roles must start empty because it is appended to below. --->
        <cfset var UserSearchFailed = false>
        <cfset var safeUsername = "">
        <cfset var filter = "">
        <cfset var errormsg = "">
        <cfset var roles = "">
        <cfset var groupList = "">
        <cfset var i = "">
        <cfset var thisRoleStart = 0>
        <cfset var thisRoleEnd = 0>
        <cfset var userSearch = "">
        <cfset var auth = "">
        <cfset var User = StructNew()>

        <!--- Escape LDAP filter metacharacters (RFC 4515) so the submitted
              username cannot change the meaning of the filter. Backslash
              must be escaped first. --->
        <cfset safeUsername = Replace(arguments.cfcUsername, "\", "\5c", "All")>
        <cfset safeUsername = Replace(safeUsername, "*", "\2a", "All")>
        <cfset safeUsername = Replace(safeUsername, "(", "\28", "All")>
        <cfset safeUsername = Replace(safeUsername, ")", "\29", "All")>
        <cfset safeUsername = Replace(safeUsername, Chr(0), "\00", "All")>

        <!--- This filter will look in the objectclass for the user's ID. --->
        <cfset filter = "(&(objectclass=person)(uid=" & safeUsername & "))">

        <!--- Query LDAP for the user's DN; used later to authenticate the user. --->
        <cftry>
                <cfldap action="query"
                        name="userSearch"
                        attributes="dn"
                        start="o=#companyName#"
                        scope="SUBTREE"
                        server="#serverIP#"
                        port="389"
                        filter="#filter#">
                <cfcatch type="Any">
                        <cfset UserSearchFailed = true>
                </cfcatch>
        </cftry>
                
        <!--- If the user search failed or returns 0 rows, abort. UserSearchFailed
              is tested first so userSearch is never referenced when the query threw. --->
        <cfif UserSearchFailed OR NOT userSearch.recordcount>
                <cfset UserSearchFailed = true>
                <cfset errormsg = "UID for " & arguments.cfcUsername & " not found.">
        </cfif>

        <cfif NOT UserSearchFailed AND userSearch.recordcount>
        <!--- Bind with the user's DN & password to see if the user authenticates. --->
                <cftry>
                        <cfldap action="QUERY"
                                name="auth"
                                attributes="givenname,surname,uid,userid,groupMembership,mail,dn"
                                start="o=#companyName#"
                                scope="SUBTREE"
                                server="#serverIP#"
                                port="389"
                                filter="#filter#"
                                username="#userSearch.dn#"
                                password="#arguments.cfcPassword#">
                        <cfcatch type="Any">
                                <cfset UserSearchFailed = true>
                        </cfcatch>
                </cftry>
        </cfif>

        <cfif NOT UserSearchFailed AND auth.recordCount AND Len(auth.userid) EQ 4>
                <cfif auth.groupMembership IS NOT "">
                        <!--- Parse the roles from the group memberships. --->
                        <cfset groupList = Replace(auth.groupMembership, ", ", ":", "All")>
                        <cfloop list="#groupList#" index="i" delimiters=":">
                                <!--- Only entries that carry a uid= component name a role. --->
                                <cfif FindNoCase("uid=", i)>
                                        <cfset thisRoleStart = FindNoCase("uid=", i) + 4>
                                        <cfset thisRoleEnd = FindNoCase(",", i, thisRoleStart)>
                                        <!--- No trailing comma: the role runs to the end of the entry. --->
                                        <cfif thisRoleEnd EQ 0>
                                                <cfset thisRoleEnd = Len(i) + 1>
                                        </cfif>
                                        <cfset roles = roles & Mid(i, thisRoleStart, thisRoleEnd - thisRoleStart) & ",">
                                </cfif>
                        </cfloop>
                </cfif>
                <!--- Trim final comma from the end of the roles variable
                      (RemoveChars errors on an empty string, so guard it). --->
                <cfif Len(roles)>
                        <cfset roles = RemoveChars(roles, Len(roles), 1)>
                </cfif>
                
                <cfscript>
                        StructInsert(User, "givenname", auth.givenname);
                        StructInsert(User, "surname", auth.surname);
                        StructInsert(User, "uid", auth.uid);
                        StructInsert(User, "userid", auth.userid);
                        StructInsert(User, "roles", roles);
                        StructInsert(User, "mail", auth.mail);
                        StructInsert(User, "ou", auth.dn);
                </cfscript>
        </cfif>
        <cfreturn User/>
        </cffunction>
        
</cfcomponent>
