I've not heard of the "alias" attribute. If you are using Active Directory,
try using the sAMAccountName attribute rather than the alias attribute.
You can also use the full email address for the userPrincipalName attribute, in
most cases.
I assume you are not getting any actual errors, so, the first thing I would do
is narrow down the cause of the problem. Remove the filter and replace all
variables with hard-coded values. Run the query and see if you get any records.
If you get no records, and there is no filter, then the problem most likely
lies with the user account's permissions. (However, I would assume that an
account permission problem would throw an error.)
All in all, I think if you change "alias" to "sAMAccountName", your filter
should work.
The next part of your question, regarding the group membership, is pretty easy
to answer. If you add the "memberOf" attribute, to your query, you will get a
list of group distinguishedNames of which the user is a member. You will need
to also use the "separator" attribute of the CFLDAP tag to correctly return the
group DNs.
Finally, if you are filtering down to a single account, you don't need to
specify an objectClass. The query will return the record that matches the
username, and it can only be one type.
Below are the added/modified attributes of the CFLDAP tag according to my
suggestions.
<cfldap ...
separator="#chr(9)#"
attributes="cn,sn,dn,title,memberOf"
filter="sAMAccountName=#username#"
...>
M!ke
_____
From: Dan Lopez [mailto:[EMAIL PROTECTED]
Sent: Wed 11/21/2007 2:46 PM
To: CF-Talk
Subject: Issues with CFLDAP
I have the following query for an LDAP server:
<!---#### Grab the authenticated username and remove the domain & / ####--->
<cfset userName = #GetAuthUser()#>
<cfset adminPass = #application.thepassword#>
<cfldap action="query"
name="getUser"
attributes="cn,sn,dn,title,mail,telephonenumber,alias"
start="dc=acct,dc=upmchs,dc=net"
filter="(&(objectclass=user)(alias=#userName#))"
server="acct.upmchs.net"
sort="cn ASC"
username="1upmc-acct\#userName#"
password="#adminPass#">
<cfdump var="#getUser#" label="#userName#">
But, when I go to output the query, I end up with nothing, I even tried to use
a cfdump var="getUser", but it just came up empty. Does anyone know why? I'm
guessing it has to do with it trying to find #userName# in active directory. Is
there any way this can also be implemented in finding which groups are
associated with #userName#?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Enterprise web applications, build robust, secure
scalable apps today - Try it now ColdFusion Today
ColdFusion 8 beta - Build next generation apps
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:293662
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
