RE: CFLDAP and tokengroups

Fri, 27 Feb 2009 06:50:05 -0800 

I don't think using tokenGroups would be the most-efficient solution,
however, I have not used that attribute.

I only use the memberOf and member attributes to get group membership.

There are two ways of doing this:

1. Query the user and return the "memberOf" attribute.  This works fine
until the user is a member of 1000+ groups (rare, I assume).

2. Query all groups for the distinguishedName of the user.  This will
return unlimited records.

When I want to get a list of a user's groups, I use option #2.  That
option allows me to bring extra group information such as the
description, manager, etc, in one query.

I know this is not a direct answer to your issue.  If you still use
tokenGroups to get the groups' SID, you can use CFLDAP's RETURNASBINARY
attribute.

Thanks,
Mike

-----Original Message-----
From: Jeff Becker [mailto:[email protected]] 
Sent: Friday, February 27, 2009 8:24 AM
To: cf-talk
Subject: CFLDAP and tokengroups


Good morning,

I have the following code to attempt to get at a users' groups the most
efficient way.

<CFLDAP SERVER="my.ldap.server" 
        ACTION="QUERY"
        USERNAME="aaaaaaa"
        PASSWORD="bbbbbbb"
        NAME="results"
        START="DC=ent,DC=ccccc,DC=dddddd,DC=corp"
        FILTER="(&(objectCategory=User)(samaccountname=jbecker))"
        SEPARATOR="#Chr(9)#"
        ATTRIBUTES="tokengroups">
<cfdump var="#results#">

When attempting to run, I'm getting the following error: An error has
occured while trying to execute query :[LDAP: error code 1 - 00002120:
SvcErr: DSID-03140262, problem 5012 (DIR_ERROR), data 0 ].

The key elmeent to note is that the tokenGroups I know come back as a
BYTE.  Anyone ever had success accessing a users' tokengroups???  Next
step is of course resolving these to the actual TRUE name.. but I'd take
just bringing back BYTE by BYTE if someone has knowledge of that.

Thanks in advance for any help!
Jeff 



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;207172674;29440083;f

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:319899
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

Reply via email to