Proper Authentication with CFLDAP?

Marie Taylore Thu, 23 Oct 2008 14:08:45 -0700

I just received this code as the "proper" way to "bind" someone during an
LDAP login to a ColdFusion App.  Is this really the right way?


<cfset UserIsValid = 0>
<CFTRY>
    <cfldap action="QUERY"
        name="Authenticate"
        start="uid=#username#,ou=#OurOU#,dc=#OurDC#,dc=#OurDC2#"
        attributes="cn"
        scope="SUBTREE"
        server="#OurServer#"
        username="uid=#username#,ou=#OurOU#,dc=#OurDC#,dc=#OurDC2#"
        password="#password#">
    <cfif Authenticate.RecordCount GT 0>
        <cfset UserIsValid = 1>
    <cfelse>
        <cfset UserIsValid = 0>
    </cfif>
    <cfcatch type="Any">
        <cfset UserIsValid = 0>
        <!--- DEBUG CODE HERE --->
    </cfcatch>
</CFTRY>

<cfif UserIsValid EQ 0>
    Sorry, login failed.
    <cfabort>
</cfif>

If they pass the CFABORT above, they're "authenticated" to your app.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;207172674;29440083;f

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314319
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Proper Authentication with CFLDAP?

Reply via email to