RE: Use CFLDAP to retrieve list of groups user belongs to

Jon Sala Thu, 28 Jan 2010 11:47:56 -0800

Just loop through the memberOf data as a list:

                <cfldap action="query" name="qryLDAP" 
start="DC=yourdomain,DC=ca"
                        
attributes="cn,title,mail,telephonenumber,givenname,sn,department,description,memberOf,samaccountname"
                          scope="SUBTREE" filter="(samaccountname=#user#)"
                          maxrows="2" server="ldap.yourdomain.com" 
username="#foo#" password="#bar#" sort="cn ASC" />
                                <!--- loop through the memberOf data to find 
what group of interest --->
                                <cfloop index= grp list = "SomeKindOfUsers">
                                        <cfif qryLDAP.memberOF CONTAINS grp>
                                                <cfquery name='qryUser' 
datasource='baz' blockfactor='100'>
                                                SELECT EMPLOY_ID, FIRST_NAME, 
LAST_NAME, EMPLOYEE.TEAM_ID
                                                FROM EMPLOYEE
                                                WHERE RETIRED = 0 AND 
SELECTABLE = 1 AND ISTEAM = 0 AND CANEDIT = 1 AND
                                                UPPER( FIRST_NAME ) = 
'#Ucase(Trim(qryLDAP.givenname))#' AND
                                                UPPER( LAST_NAME ) = 
'#Ucase(Trim(qryLDAP.sn))#'
                                                </cfquery>
                                                <cfif qryUser.recordcount eq 1>
                                                        <cfset 
session.AuthenticatedID = '#qryUser.EMPLOY_ID#'>
                                                        <cfset 
session.AuthenticatedUser = '#qryLDAP.samaccountname#'>
                                                        <cfbreak>
                                                </cfif>
                                        </cfif>
                                </cfloop>
                                ...

-----Original Message-----
From: Dawn Sekel [mailto:[email protected]]
Sent: Thursday, January 28, 2010 12:12 PM
To: cf-talk
Subject: Use CFLDAP to retrieve list of groups user belongs to

Hi:
I currently use this command to authenticate a user against our AD.

               <cfldap action="QUERY"
                  name="results"
                  start="dc=DomainName,dc=com"
                  server="serveripaddress"
                  username="#trim(form.username)#"
                  password="#trim(form.password)#"
                  filter="cn=#uname#"
                  attributes="cn"
                >

My IT manager wants me to now allow users to access various tasks in our web 
application based upon the group the user belongs to.  Can I add a filter to 
the filter parameter such as "memberOf" that will return a string of all the 
groups the user belongs to in the "results" query?  Or would I have to use a 
second follow on CFLDAP query?  Would anyone be able to share an example?

Thanks in advance of any advice.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:330231
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: Use CFLDAP to retrieve list of groups user belongs to

Reply via email to