The full user context could look like this
'o=yahoo,ou=janitors,userid=jan007'
or this
'cn=jan007,ou=janitors,o=yahoo'
It depends on how your LDAP server is set up.  Here is the code that I use in my
verification page.  I got it from someone else although I can't remember who...

I use the username given to me to search the tree for the full context.

<CFLDAP NAME="GetS"
        ACTION="Query"
        SERVER="xxx.xxx.xxx.xxx"
        ATTRIBUTES="dn"
        SCOPE="SUBTREE"
        START="ou=campus,o=osu_mc"
        FILTER="cn=#LOGINN#">

I check my record to make sure I got a response.  DN is the full context of their 
login.

<CFOUTPUT QUERY="GETS"><CFSET USERN= #DN#></CFOUTPUT>
<CFOUTPUT><CFSET P= '#FORM.P#'></CFOUTPUT>
<CFIF ISDEFINED('usern')>

Within this cftry I take their DN and password and plug it in to the query.  Make sure
you put the dn in the start field.  If there are any errors it's because they didn't
match.  If I get no records then it didn't work either.  If I get one record that
means the username and password are correct.

 <CFTRY>
 <CFLDAP NAME="auth"
         ACTION="Query"
         SERVER="xxx.xxx.xxx.xxx"
         ATTRIBUTES="cn"
         SCOPE="SUBTREE"
         PASSWORD="#Password#"
         USERNAME="#variables.usern#"
         START="#variables.usern#">
  <CFCATCH TYPE="Any">
   <CFLOCATION URL="login.cfm?BAD=y" ADDTOKEN="NO">
  </CFCATCH>
 </CFTRY>
 <CFIF #AUTH.RECORDCOUNT# IS 0>
  <CFLOCATION URL="login.cfm?WUSER=NO" ADDTOKEN="NO">
 <CFELSEIF #AUTH.RECORDCOUNT# IS 1>
  <CFQUERY NAME="SESSION" DATASOURCE="assets">
   UPDATE tblsessions
   SET LOGIN = '#LOGINN#',
   LOGGEDIN = 'YES'
   WHERE IDNUMBER= #SESSION.USER_NAME#
  </CFQUERY>
  <CFLOCK TIMEOUT="30" NAME="#SESSION.LOGIN#">
   <CFSET SESSION.LOGIN="#LOGINN#">
  </CFLOCK>
  <CFOUTPUT><CFLOCATION URL="http://www.surgery.medctr.ohio-state.edu#VARIABLES.P#" ADDTOKEN="NO"></CFOUTPUT>
 <CFELSE>
  <CFLOCATION URL="login.cfm?OPPS=NO" ADDTOKEN="NO">
 </CFIF>
</CFIF>

Hope this helps.

mike
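
The search-then-bind flow from the message above, written out as an added example that is not part of the original post or the poster's code. It assumes form fields named loginn and password, keeps the post's placeholder server address and base DN, and the variable names safeLogin and bindOk are made up for illustration.

```cfml
<!--- Added example: search-then-bind login with input checks. Server address,
      base DN and the form field names loginn/password are assumptions. --->
<cfset ldapServer = "xxx.xxx.xxx.xxx">
<cfset baseDN     = "ou=campus,o=osu_mc">
<cfparam name="form.loginn"   default="">
<cfparam name="form.password" default="">

<!--- Refuse empty credentials and control characters before touching the directory.
      A bind with a DN and an empty password is an "unauthenticated bind" (RFC 4513),
      which some servers accept, so it must never count as a login. --->
<cfif NOT Len(Trim(form.loginn)) OR NOT Len(form.password)
      OR REFind("[[:cntrl:]]", form.loginn)>
  <cflocation url="login.cfm?BAD=y" addtoken="no">
</cfif>

<!--- Escape LDAP filter metacharacters (RFC 4515); the backslash goes first. --->
<cfset safeLogin = Replace(form.loginn, "\", "\5c", "ALL")>
<cfset safeLogin = Replace(safeLogin,  "*", "\2a", "ALL")>
<cfset safeLogin = Replace(safeLogin,  "(", "\28", "ALL")>
<cfset safeLogin = Replace(safeLogin,  ")", "\29", "ALL")>

<!--- Step 1: look up the user's DN. Exactly one entry must match; anything else gets
      the same response as a wrong password, so the page does not reveal valid logins. --->
<cfldap name="getS" action="query" server="#ldapServer#"
        attributes="dn" scope="subtree" start="#baseDN#"
        filter="(cn=#safeLogin#)">
<cfif getS.recordCount NEQ 1>
  <cflocation url="login.cfm?BAD=y" addtoken="no">
</cfif>

<!--- Step 2: bind as that DN and read back only its own entry (scope="base"). --->
<cfset bindOk = false>
<cftry>
  <cfldap name="auth" action="query" server="#ldapServer#"
          attributes="cn" scope="base" start="#getS.dn#"
          username="#getS.dn#" password="#form.password#">
  <cfset bindOk = (auth.recordCount EQ 1)>
  <cfcatch type="any">
    <cfset bindOk = false>
  </cfcatch>
</cftry>
<cfif NOT bindOk>
  <cflocation url="login.cfm?BAD=y" addtoken="no">
</cfif>
<!--- Reaching this point means the directory accepted the DN and password. --->
```

The redirect on failure happens outside the cftry so that the cfcatch only ever sees errors raised by the bind itself.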

>>> [EMAIL PROTECTED] 03/23/01 12:04PM >>>
Michael,

Could you go a little more in depth, I am working with LDAP for the first
time and just can't quite get IT...

I can pull a user from the LDAP server, I can search and return multiple
results...I can't seem to get what a successful login is...

Is it that I get an empty recordset (which is what is happening now) or is it
that I get the user record back???

Thanks,
John

-----Original Message-----
From: Michael Ross [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 23, 2001 9:15 AM
To: CF-Talk
Subject: Re: Any LDAP Guru's here? Authentication Problem


Once you get the full user context, do another query (or your first query),
supply that (the full context) in the username field, and the password in the
password field.  CFldap does the rest.  If you get an error the
username/password isn't right.  If nothing happens it was right and they
have authenticated.

>>> [EMAIL PROTECTED] 03/23/01 09:50AM >>>


speaking of this, how does one 'authenticate'?  I'm having trouble
getting this to work.
Do I

<cfldap>  once anonymously to get the userid based on user inputted
info
then
<cfldap> again with userid and password supplied this time.  If
<cfldap> pulls back a record, then authentication happened, correct?
I'm told passwords are generally SHA1 hashed in LDAP directories, does
CFLDAP do the hashing?


-----
Douglas Knudsen
Leveraged Technologies Group
Alltel AIS
678-351-6063
Got Linux? http://linuxmall.com




From: [EMAIL PROTECTED] AT INTERNET on 03/23/2001 09:27 AM

To:   Douglas Knudsen/ATL/ALLTELCORP, [EMAIL PROTECTED] AT
      INTERNET@CCMAIL
cc:

Subject:  Re: Any LDAP Guru's here? Authentication Problem


Initially I would say no.  Point your cfldap to an ip of the ldap
server.  Will you need to authenticate to both servers?  Neither tree
can see each other can they?  If one of the servers can give you access
to all the users context that's all you should need.  If you need to
authenticate to both do the first query with the first IP do a user
search then do the second query with the second server.  Once you find
the user context make sure you authenticate to the right ip.

>>> [EMAIL PROTECTED] 03/23/01 07:51AM >>>
quick question.
i want to use NDS & LDAP to authenticate ALL the users of our
intranet.
my problem that there are 2 servers.
both have the same tree name?

will this cause me problems.
if so is there a way around it?

any ideas would be great

-paul

Web Developer, NBBJ
Work:     [EMAIL PROTECTED]
    614 241-3534
fax:    614 485-5534

Home:     [EMAIL PROTECTED]
    614 449-1681

> icq:     47658358