Sorry to wade in at such a late stage, but ... NDS can be extended using various API's and also using the NDS ODBC driver. We here at health are running Novell 5.x with no extensions at all (such as eDirectory or WebAccess). We use a C++ cfx custom tag called cfx_nwpasscheck, to authenticate users via there novell login. The only thing required is for the application server to be logged into novell. Our cf server logs in to enable the arcserve client to access the arcserve server for backup purposes.
The code used to authenticate is quite simple -: <cfx_nwpasscheck nwuserid="#id#" nwpassword="#password#"> The #id# variable is the full NDS name (username + context). Just a note on using nbstat in a novell environment for automatic authentication without needing to log in. To map a novell user to a certain IP address can be quite difficult. NDS records the login details for each user and there assigned network address in NDS - OK. The problem is that, the network address recorded can be either an IP address or an IPX address (based on PC protocol priorities). If IP it is a simple matter of matching IP to #CGI.REMOTE_ADDR# but if it is an IPX address then it makes it a little harder. An IPX address is made up of several things one of them being the MAC address of the PC's NIC. You can use something like nbstat to return the users MAC address but it is flakey. Once you have the users MAC address then it is a simple matter to query NDS and pull the username. The biggest problem with nbstat is that it is quite difficult to resolve across routers. If your users access your intranet via a WAN (ie they use a router to get to your web server) you can forget about using nbstat. Also if your users access your web server using an internal proxy server from within a WAN you can forget about using an IP address as #CGI.REMOTE_ADDR# will return the proxy server address not their PC IP address. If the automatic authentication fails I fall back on a simple login interface. I wrote a simple form that has the same look and feel as the novell client login. The context is dynamically created in a popup window using the NDS ODBC driver and querying the NDS db to create the NDS tree in a cftree. Which the user simply clicks on after finding their correct context. They then enter their username and password and authentication occurs. For our intranet (100,000+ users) there would be about 5% that can authenticate automatically (mostly those at our Nth Sydney Office). But those 5% happen to include my boss and the executive so it can be a worthwhile exercise. There is a new product for NDS called exteNd Director which is written in Java with a nice API for the CFMX users out there (or cfx java tags pre MX). If installed with eDirectory then security integration with NDS becomes even easier. my 2 cents, hth Rod > No have not done that. > > :0 > s > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of George Lu > Sent: Monday, 17 March 2003 15:19 > To: CFAussie Mailing List > Subject: [cfaussie] Re: Intranet Authentication Via Username > > > Thanks Simon. We've implemented a system on the Intranet but users > have to login again to retrieve their info in the eDirectory. Have you > implement that having authenticating automatically once users sign on > Novell (i.e. sigle sign on)? > > George > > >>> [EMAIL PROTECTED] 17/03/03 13:00:42 >>> > I'm currently working on an authentication system against > NDS/eDirectory via LDAP. > > Early days yet, am working off a dev directory (8.6) with CFMX, on > separate Win2K servers. > > Have got fake users authenticating successfully against NDS accounts > via CFLDAP, but not using cflogin. > > Have not yet been able to get eDirectory's trusted root cert > accepted > by CF so am not yet using encryption either. > > Sorry, George: short answer is "yes." > > :) > s > ____________________________________ > Simon Handfield > Senior Web Application Developer > State Library of New South Wales > email: [EMAIL PROTECTED] > phone: +612 9273 1710 > fax: +612 9273 1268 > cell: +61 0402 146 513 > web: http://www.sl.nsw.gov.au/ > > ==================================== > This email and any attachments to it are privileged and > confidential. > If you are not the intended recipient, please notify the sender and > delete it. The contents of this email are not given or endorsed by > the > State Library of New South Wales unless otherwise indicated by an > authorised officer of the Library. Copyright law may also apply to > this contents of this email. -- --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MX Downunder AsiaPac DevCon - http://mxdu.com/
