RE: LDAP Authentication

Wed, 11 May 2005 13:17:35 -0700 

> It's not my server, we only have access to it.  I believe it is not a 
> windows server, more than likely it is running on a UNIX server.  
> Could be Netscape.  I work for a large organization, so we have access 
> to it, but have no control over it.  Neither are we privy to any specs.  

Then use the 2 query approach. For example:

<cfset UserSearchFailed = 0>
<!--- This filter will look in the objectclass for the user's ID. --->
<cfset filter = "(&(objectclass=person)(uid=" & attributes.Username & "))">

<!--- Query LDAP for the user's DN; used later to authenticate the user. --->
<cftry>
        <cfldap action="query"
        name="userSearch"
        attributes="dn"
        start="o=something"
        scope="SUBTREE"
        server="myLDAPServer"
        port="389"
        filter="#filter#">
        <cfcatch type="Any">
                <cfset UserSearchFailed = "true">
        </cfcatch>
</cftry>
                
<!--- If the user search failed or returns 0 rows abort. --->
<cfif NOT userSearch.recordcount OR UserSearchFailed>
        <cfset UserSearchFailed = "true">
        <cfset errormsg = "UID for " & #attributes.Username# & " not found.">
</cfif>

<cfif userSearch.recordcount and not UserSearchFailed>
<!--- Pass user's DN & password to see if the user authenticates. --->
        <cftry>
                <cfldap action="QUERY"
                name="auth"
                
attributes="givenname,surname,uid,userid,groupMembership,mail,dn"
                start="o=something"
                scope="SUBTREE"
                server="myLDAPServer"
                port="389"
                filter="#filter#"
                username="#userSearch.dn#"
                password="#attributes.Password#">
                <cfcatch type="Any">
                        <cfset UserSearchFailed = "true">
                </cfcatch>
        </cftry>
</cfif>

Another recommendation: get a copy of Softerra LDAP Browser 
http://www.ldapbrowser.com/ Version 2.6 is freeware.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Logware (www.logware.us): a new and convenient web-based time tracking 
application. Start tracking and documenting hours spent on a project or with a 
client with Logware today. Try it for free with a 15 day trial account.
http://www.houseoffusion.com/banners/view.cfm?bannerid=67

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:206460
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Donations & Support: http://www.houseoffusion.com/tiny.cfm/54

Reply via email to