Authenticating against NDS with CFLDAP is pretty easy if you have the
NDS/LDAP interface enabled and accessible from the CF server. Prior to CF
4.5.x, CFLDAP did not support secure communications, via SSL -> SLDAP, and
NDS wants to use a secure channel by default, so it wasn't widely used. The
thing to remember is that this is completely different from 'Advanced
Security' in CF. You won't be able to use the security tags and functions,
authorization is in your control. You query the directory, passing the
user's login information, and parse the response. I've only worked with NDS
5, I'm not sure about 4's LDAP abilities, and I'm not a Novell tech so my
knowledge of the NDS innards is limited. For straight authentication, i.e.
not grabbing other attributes, I had to use a bit of kludge because NDS
didn't throw an error per se if the credentials were wrong. Instead it sent
back a little explanation that it couldn't validate the user, or some such.
So I made a little parser that looked for certain strings, and if a match
was made it was a bad login. Besides that it was pretty straight forward
LDAP. Unfortunately, I don't have the code on me right now but, I'll look
around.
Steve
-----Original Message-----
From: Norman Elton [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 16, 2000 9:24 PM
To: CF-Talk
Subject: RE: Novell Advanced Security Woes
Kevin-
If you could detail how you accomplish this, many (MANY) developers would be
most appreciative!
Do you authenticate off of GroupWise, or straight to NDS?
I'm not a Novell guy, so I don't know all the inner workings, but I have
definitely struggled to authenticate Novell passwords.
Thanks!
Norman Elton
Information Technology
College of William & Mary
-----Original Message-----
From: Kevin Miller [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 16, 2000 11:51 AM
To: CF-Talk
Subject: RE: Novell Advanced Security Woes
I don't use Advanced Security, but I have and do authenticate to
Novell's LDAP server via the CFLDAP tag.
Kevin
>>> [EMAIL PROTECTED] 11/15/00 12:10PM >>>
I know that if you want to do a look up to NDS with cfldap you can.
But you can't authenticate to it. Allaire has never tested it and they
say it won't work. The built it for Netscape DS. The siteminder piece
doesn't recognize Novell DS. I got your same problem some time ago and
opened a ticket.....and nothing......doesn't work...You can verify the
connection and it works, but if you were to go to your policy and check
the users your shouldn't see anything...
sorry...
Now should anyone have successfully auth against Novell DS, using cf
4.5.1, and advanced security please lets talk.....
Thanks
>>> [EMAIL PROTECTED] 11/06/00 10:32AM >>>
Yes, I should have mentioned Rick's tool. I was going down the CF
specific
route but, Rick's tool can solve your problem too.
Steve
-----Original Message-----
From: Rick Osborne [Mojo] [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 06, 2000 1:06 AM
To: CF-Talk
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Novell Advanced Security Woes
FYI, I wrote an ISAPI DLL for IIS to do pretty much exactly what Steve
talks
about at the end there. It is completely free and comes with source.
It is
available at:
http://www.rixsoft.com/NWAuth/
Of course, it means that IIS does the authentication instead of CF, but
that
may be good or bad depending on your situation.
-----Original Message-----
From: Steve Bernard [mailto:[EMAIL PROTECTED]]
Sent: Saturday, November 04, 2000 22:41
To: CF-Talk
Subject: RE: Novell Advanced Security Woes
With native CF capability you'll have to use CFLDAP to query NDS' LDAP
interface directly. This doesn't allow you to use NDS as your AS
repository
but, it's better than nothing. You could try hand building the schema
in
NDS. Another option is to use native OS authentication/authorization
but,
have that redirected to NDS. Like using Client32 for NT.
Steve
----------------------------------------------------------------------------
--------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or
send a
message with 'unsubscribe' in the body to
[EMAIL PROTECTED]
----------------------------------------------------------------------------
--------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or
send a message with 'unsubscribe' in the body to
[EMAIL PROTECTED]
----------------------------------------------------------------------------
--------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or
send a message with 'unsubscribe' in the body to
[EMAIL PROTECTED]
----------------------------------------------------------------------------
--------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a
message with 'unsubscribe' in the body to [EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
https://secure.houseoffusion.com
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
