Steve: Are you using NT or U* for your LDAP server? What you describe is
what I used to do, which worked when the LDAP server was on an NT machine.
However, it only works because of a bug in NT that allowed the
authentication to work over a non-SSL connection (i.e., the password was being
passed as cleartext), which is why the LDAP people in my company moved their
server to Linux, which is why I have to use an SSL connection whenever I
have data in the username/password attributes.
Any other ideas out there?
thanks
-reed
------------------------------
Date: Wed, 13 Sep 2000 21:17:39 -0400
From: "Steve Bernard" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: CFLDAP & SSL
Message-ID: <[EMAIL PROTECTED]>
One way I've done it is to make all operations queries, except for writes of
course. If you just need to perform an authentication, request some
attribute like "firstname" and pass the username/password. If the request
returns an error or nothing at all then you know that the login information
was bad. You need to be absolutely positive that the target attribute will
always be populated if you are going to test the return value to validate.
Otherwise you may receive false negatives.
Steve
-----Original Message-----
From: Reed Powell [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 13, 2000 9:03 PM
To: [EMAIL PROTECTED]
Subject: CFLDAP & SSL
Hello everyone, this is round two of questions on my CFLDAP trek; thanks for
the responses to my initial post last week. I've since upgraded to 4.5.1, so
I now have the SECURE attribute for CFLDAP at my disposal, for an SSL
connection. This (SSL connection) is what I needed to connect to the LDAP
server to do authentication, because they moved the LDAP servers from NT to
Linux to get away from a security hole in NT (the same hole that let my
authentication work ok in the past!). Here's the glitch. The LDAP server
doesn't make
use of a certificate if I'm only doing authentication (as opposed to making
an update to the LDAP data). However, CFLDAP requires the certificate
information if I include the SECURE attribute. Is there any way to have CF
not want to see the certificate database when I call CFLDAP?
thanks
-reed
------------------------------
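The bind-and-query check described in Steve's message, sketched as an added example that is not part of the original thread. The server name, base DN, certificate database path and the form.username / form.password fields are assumptions; cn stands in for the "always populated" attribute, and the empty-password guard is there because many LDAP servers treat a DN with an empty password as an anonymous bind.

```cfml
<!--- Added example, not from the thread. Hypothetical values: server name,
      base DN, cert7.db path, and the form.username / form.password fields. --->
<cfset ldapHost = "ldap.example.com">
<cfset peopleDn = "ou=people,dc=example,dc=com">
<cfset certDb   = "c:\cfusion\ldap\cert7.db">
<cfset loginOk  = false>

<!--- Reject empty passwords before binding: a DN with an empty password is
      commonly accepted as an anonymous bind, so the query would succeed.
      Restrict the username to a safe character set because it goes into a DN. --->
<cfif Len(form.password) GT 0 AND REFind("^[A-Za-z0-9._-]+$", form.username) GT 0>
  <cfset userDn = "uid=" & form.username & "," & peopleDn>
  <cftry>
    <!--- Bind as the user over SSL and read one attribute from the user's own entry. --->
    <cfldap action="query"
            name="authCheck"
            server="#ldapHost#"
            port="636"
            secure="CFSSL_BASIC,#certDb#"
            username="#userDn#"
            password="#form.password#"
            start="#userDn#"
            scope="base"
            filter="(objectClass=*)"
            attributes="cn">
    <!--- cn is assumed to be populated on every entry; an attribute that can be
          empty would turn a good login into a false negative. --->
    <cfif authCheck.RecordCount EQ 1 AND Len(authCheck.cn) GT 0>
      <cfset loginOk = true>
    </cfif>
    <cfcatch type="Any">
      <!--- Bind failure, SSL failure or server error: all count as a failed login. --->
      <cfset loginOk = false>
    </cfcatch>
  </cftry>
</cfif>

<cfif loginOk>
  <cfoutput>Login accepted.</cfoutput>
<cfelse>
  <cfoutput>Login failed.</cfoutput>
</cfif>
```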