According to the docs, and my testing, you have to set START to the distinguishedName of the object (user/group) of which you want to retrieve the groups.
Then, you set the SCOPE to base which means the LDAP query is only concerned with the object in the START attribute. This makes sense because you want to find the group membership of a distinct user account. SUBTREE = All objects in the current scope and sub-OUs. ONELEVEL = All objects in the current scope, only. BASE = Only the object specified in the START Thanks, Mike -----Original Message----- From: Jeff Becker [mailto:[email protected]] Sent: Friday, February 27, 2009 11:49 AM To: cf-talk Subject: Re: CFLDAP and tokengroups Interesting... The scope="base" is what is killing mine. I'm not sure if I need to change my START value or what??? According to docs: oneLevel: entries one level below entry. == DEFAULT base: only the entry. But not exactly sure what that means.. in any regard, I'm getting closer and closer to the end goal... :) Thanks. Let me know anything else you find out or any thoughts on the scope="" switch above. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:319923 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
