Yes, this would let you know that they are authenticated. It assumes that
you LDAP server allows users to read from the tree. I'm not sure about using
the full DN to the object with the start key. I always use the people
container. Here is my example:
<cfldap name="authenticate"
action="query"
server="#Application.ldapServer#"
port="389"
attributes="#userAttributes#"
start="#Application.peopleBasedn#"
scope="subtree"
filter="#Application.ldaploginobjectclass#=#Form.username#"
username="#Application.ldaploginobjectclass#=#Form.username#,#Application.peopleBasedn#"
password="#Form.password#">
Don't forget to authorize the user as well :)
speeves
On Thu, Oct 23, 2008 at 4:01 PM, Marie Taylore <[EMAIL PROTECTED]>wrote:
> I just received this code as the "proper" way to "bind" someone during an
> LDAP login to a ColdFusion App. Is this really the right way?
>
> <cfset UserIsValid = 0>
> <CFTRY>
> <cfldap action="QUERY"
> name="Authenticate"
> start="uid=#username#,ou=#OurOU#,dc=#OurDC#,dc=#OurDC2#"
> attributes="cn"
> scope="SUBTREE"
> server="#OurServer#"
> username="uid=#username#,ou=#OurOU#,dc=#OurDC#,dc=#OurDC2#"
> password="#password#">
> <cfif Authenticate.RecordCount GT 0>
> <cfset UserIsValid = 1>
> <cfelse>
> <cfset UserIsValid = 0>
> </cfif>
> <cfcatch type="Any">
> <cfset UserIsValid = 0>
> <!--- DEBUG CODE HERE --->
> </cfcatch>
> </CFTRY>
>
> <cfif UserIsValid EQ 0>
> Sorry, login failed.
> <cfabort>
> </cfif>
>
> If they pass the CFABORT above, they're "authenticated" to your app.
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;207172674;29440083;f
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314320
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
