I seem to recall that you have to enable 'Integrated Windows
authentication' for the applicable website in IIS.

I have an internal app in which the application.cfm checks the value of
session.accessgranted and then either lets the user into the app or
evaluates whether the user's Windows login is a member of an AD group
called 'WorkOrder'. I use administrator credentials to run the query,
but that's not best practices.

<cfldap
    action="QUERY"
    name="qry_membersof"
    attributes="memberof"
    start="dc=network,dc=mydomainname,dc=com"
    scope="subtree"
    filter="samaccountname=#listlast(cgi.REMOTE_USER,"\")#"
    server="MyServerName"
    username="network\administrator"
    password="mypassword"
    separator=";"
>
<cfset groups=valuelist(qry_membersof.memberof, ";")>
<cfif listcontainsnocase(groups, "WorkOrder")>
    <cfset session.accessgranted=1>
<cfelse>
    <cfset session.accessgranted=0>
</cfif>

Scott Stewart wrote:
> I know squat about AD, first off :-)
>
> Can I query an AD server and have it send back all the data that it has on a
> user?
>
> I'm trying to set up a role based security system and I want to use as much
> out of AD as possible (as opposed to creating user tables in a DB)
>
> --
> Scott Stewart
> IT Consultant/ColdFusion Developer
> 4405 Oakshyre Way
> Raleigh, NC 27616
> (919) 874-6229
>
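
An added example, not part of the original post and not ColdFusion code: a Python sketch of the same group check that matches the group's CN exactly (ColdFusion's listContainsNoCase is a substring search, so a group such as the constructed 'WorkOrderReadOnly' would also pass) and escapes the login name per RFC 4515 before it goes into the filter. The function names and sample memberOf strings are constructed for illustration; the ";" separator follows the post.

```python
import re

# Characters that must be escaped inside an LDAP filter value (RFC 4515).
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape a value so it is treated as literal text in a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def account_filter(remote_user: str) -> str:
    """Build the sAMAccountName filter from a DOMAIN\\user login name."""
    sam = remote_user.rsplit("\\", 1)[-1]
    return "(sAMAccountName=%s)" % escape_filter_value(sam)

def first_rdn(dn: str):
    """Return (type, value) of the leftmost RDN, lower-cased.
    Splits on the first comma that is not preceded by a backslash."""
    rdn = re.split(r"(?<!\\),", dn.strip(), maxsplit=1)[0]
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip().lower()

def is_member(memberof: str, group: str, separator: str = ";") -> bool:
    """Exact, case-insensitive match of `group` against each DN's leading CN."""
    wanted = ("cn", group.lower())
    return any(first_rdn(dn) == wanted
               for dn in memberof.split(separator) if dn.strip())

def substring_match(memberof: str, group: str) -> bool:
    """The loose check: true if the group name appears anywhere in the value."""
    return group.lower() in memberof.lower()

# Constructed memberOf values, joined with ";" as in the post.
BASE = "OU=Groups,DC=network,DC=mydomainname,DC=com"
MEMBEROF_OTHER = "CN=WorkOrderReadOnly,%s;CN=Staff,%s" % (BASE, BASE)
MEMBEROF_OK = "CN=Staff,%s;cn=workorder,%s" % (BASE, BASE)

if __name__ == "__main__":
    print(account_filter("NETWORK\\jsmith"))
    for label, value in (("other group", MEMBEROF_OTHER), ("real member", MEMBEROF_OK)):
        print(label, "substring:", substring_match(value, "WorkOrder"),
              "exact:", is_member(value, "WorkOrder"))
```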
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:327964