Matt It would be a security issue if you did put your username/password into your code anyway. Your sysadmin will probably not be happy if he finds out you're doing that anyway. You should get a non-expiring account setup that has whatever access you need to LDAP and no access to anything else.
On the other hand, it will make for good job security. Matt: "If you sack me, no authentication will work anymore!! Mwa-ha-ha-haaa!!" Darren Tracey > -----Original Message----- > From: Hickman, Matt [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 25, 2003 2:19 PM > To: CFAussie Mailing List > Subject: [cfaussie] RE: CFLDAP > > > Thanks Steve, > > Yeah it's Active Directory not Novell. > > I thought they might be attributes, once I know what my > schema looks like > then I can use my own, and my guess the connection error is > because I don't > know my "start" info right??? > > I've got all my other details - server location, port and my sys admin > advised I've got read access to this ldap, but won't it be > Cold Fusion that > will need read access?? > > If I place my username/password details in the cfldap tag even as an > application variable, I need to change my password every 40 > days it'll be a > pain in the arse to update. > > Should I be requesting for a generic username/password that > won't expire?? > > Matty > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Tuesday, 25 March 2003 2:07 PM > To: CFAussie Mailing Li > Subject: [cfaussie] RE: CFLDAP > > > Matt, > > Cn, ou, o etc. are just other attributes you may or may not > have available > to you once you query ldap. Cn is usually "common name", o is > "organisation" > etc. So when you do an ldap query with the attribute "*", it > is likely that > your query object will contain a column named "cn" that will contain > something like "Steve Clifton" or "Matt Hickman" etc. > > What directory are you querying? Is it Active Directory or > Novell Directory > Service? The example I gave you was for NDS. Below is an ldap > query for AD. > You might need to set up a user that has rights to access AD. > Also note the > "start" attribute used in the tag... You will need to find > this out from > your sysadmin, and is very important. This tells ldap where > to start looking > for the data you want, and is a similar concept to the file path of a > directory structure. > > <cfldap action="QUERY" > name="getstuff" > attributes="*" > start="cn=username,ou=staff,dc=mail" > scope="SUBTREE" > server="172.16.x.xxx" > username="cn=adminuser,ou=staff,dc=mail" > password="password"> > > So this is an ldap query named "getstuff". It will return all > attributes > from the record (same as SQL select * from table). It will > search for a cn > of "username" in the mail\staff\ folder of AD, and the scope > of "subtree" > means it will also search all sub folders of the staff > folder. The server is > an IP address, but may also be a host name such as > vodaphone.com.au, while > the username and password are hardcoded with the username and > password of an > account with rights to AD. > > This is my simplistic way (don't know any other way) of > looking at it. Hope > it helps. > > Steve > > -----Original Message----- > From: Hickman, Matt [mailto:[EMAIL PROTECTED] > Sent: Tuesday, 25 March 2003 1:32 PM > To: CFAussie Mailing List > Subject: [cfaussie] RE: CFLDAP > > > Thanks Steve shall try this. > > I've got some connection problems I'm getting "cannot connect > to ldap" or > something similar. > > So I'm doublechecking with adminstrators. > > Once I connect then I'll check what attributes now using the > "*". Cool. But > in many examples I've seen the "cn=, ou=, o=" > > What do all these mean?? > > Thanx > > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Tuesday, 25 March 2003 12:12 PM > To: CFAussie Mailing List > Subject: [cfaussie] RE: CFLDAP > > > Matt, > > Sorry... If you are wanting to figure out the attributes you > have available > to you, the "attributes" attribute should be "*". My example > would only dump > the givenName and sn in the example I sent earlier. > > Ie. <cfldap action="QUERY" > name="getstuff" > attributes="*" > start="cn=#form.username#,ou=Users,ou=Staff,ou=Kew,o=xyz" > scope="SUBTREE" > server="xxx.xx.x.x"> > > <cfdump var="#getstuff#"> > > Should give you the lot. > > Steve > > > -----Original Message----- > From: Clifton Steve > Sent: Tuesday, 25 March 2003 12:06 PM > To: CFAussie Mailing List > Subject: [cfaussie] RE: CFLDAP > > > Yes... > > <cfldap action="QUERY" > name="getstuff" > attributes="givenName, sn" > start="cn=#form.username#,ou=Users,ou=Staff,ou=Kew,o=xyz" > scope="SUBTREE" > server="xxx.xx.x.x"> > > <cfdump var="#getstuff#"> > > To test the connection, wrap cftry around it and catch and > dump any errors. > > steve > > > > -----Original Message----- > From: Hickman, Matt [mailto:[EMAIL PROTECTED] > Sent: Tuesday, 25 March 2003 11:32 AM > To: CFAussie Mailing List > Subject: [cfaussie] CFLDAP > > > Hi all, > > Just trying to connect to LDAP using <CFLDAP> tag. > > Was wondering how I can dump the scope of this tag using > <cfdump>??? Can I > do so?? > > I'm trying to figure out the attributes I've got to work with > to help build > my future authentication/personalisation bits. > > Also how can I test the connection?? > > Matt > > > ********************************************************************** > A new world of colour, sound and pictures awaits you: > Vodafone Live! More details at http://www.vodafone.com.au/live/ > > ************************************************************** > ********" > This correspondence is for the named person's use only. It may contain > confidential or legally privileged information or both. " No > confidentiality > or privilege is waived or lost by any " mistransmission. If > you receive this > correspondence in error, please immediately delete it from > your system and > notify the sender. You > must not disclose, copy or rely on any part of this correspondence > if you are not the intended recipient. > > Any views expressed in this message are those of the > individual sender, > except where the sender expressly, and with authority, states > them to be the > views of Vodafone. > > This email has been checked for viruses. > ************************************************************** > ********** > ********************** > > > --- > You are currently subscribed to cfaussie as: > [EMAIL PROTECTED] To > unsubscribe send a blank email to > [EMAIL PROTECTED] > > MX Downunder AsiaPac DevCon - http://mxdu.com/ > > > > > --- > You are currently subscribed to cfaussie as: > [EMAIL PROTECTED] To > unsubscribe send a blank email to > [EMAIL PROTECTED] > > MX Downunder AsiaPac DevCon - http://mxdu.com/ > > > > > --- > You are currently subscribed to cfaussie as: > [EMAIL PROTECTED] To > unsubscribe send a blank email to > [EMAIL PROTECTED] > > MX Downunder AsiaPac DevCon - http://mxdu.com/ > > > ********************************************************************** > A new world of colour, sound and pictures awaits you: > Vodafone Live! More details at http://www.vodafone.com.au/live/ > > ************************************************************** > ********" > This correspondence is for the named person's use only. It may contain > confidential or legally privileged information or both. " No > confidentiality > or privilege is waived or lost by any " mistransmission. If > you receive this > correspondence in error, please immediately delete it from > your system and > notify the sender. You > must not disclose, copy or rely on any part of this correspondence > if you are not the intended recipient. > > Any views expressed in this message are those of the > individual sender, > except where the sender expressly, and with authority, states > them to be the > views of Vodafone. > > This email has been checked for viruses. > ************************************************************** > ********** > ********************** > > > --- > You are currently subscribed to cfaussie as: > [EMAIL PROTECTED] To > unsubscribe send a blank email to > [EMAIL PROTECTED] > > MX Downunder AsiaPac DevCon - http://mxdu.com/ > > > > > --- > You are currently subscribed to cfaussie as: > [EMAIL PROTECTED] To > unsubscribe send a blank email to > [EMAIL PROTECTED] > > MX Downunder AsiaPac DevCon - http://mxdu.com/ > > --- > You are currently subscribed to cfaussie as: [EMAIL PROTECTED] > To unsubscribe send a blank email to > [EMAIL PROTECTED] > > MX Downunder AsiaPac DevCon - http://mxdu.com/ > --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MX Downunder AsiaPac DevCon - http://mxdu.com/
