I've used LDAP in the past with the CFLDAP tag. LDAPs can be set up in various ways, so YMMV here.
The short story is that you do this in two passes. For pass one you use the user's login "username" with whatever your org uses to search the LDAP and query for the DN (= Distinguished Name). You do this using the filter property with the proper filter. The DN is a unique identifier in LDAP, looks kind of like a path. For pass two, you take this DN and the user's password and perform the "bind", set the username property to this DN. In both passes you use CFLDAP of course.

Now, how you search your particular org's LDAP for this DN will vary. I suggest using an LDAP browse tool. There used to be one from Softerra, ldapadministrator.com, that I used in the past, I'm talking 3.5 years back though, but we did use the SunOne implementation IIRC. This tool was great to get an understanding of the LDAP structure and helping to build the filter for pass one above, something your sysadmins may be reticent to share :) To say this took some patience and a bit of trial and error is a bit understating things, it was painfully slow. I read a bit of LDAP RFCs even to get a grasp.

Oh, the first pass above may require a login, which can be filtered by IP and all, so you may want to check with your sysadmins. Note also that if SSL is in use, need to use the secure property and likely you will need to add the SSL cert to your keystore.

Douglas Knudsen
[email protected]

On Nov 30, 2010, at 9:07 AM, [email protected] wrote:

> We are attempting to use LDAP to authenticate a user for an application -
> this is to be a basic authentication - no roles involved. I understand
> that you need to bind to the ldap server, validate the user id provided on
> the login screen by performing a query against LDAP and then
> authenticating the user id and password. Using cfldap, how does one bind
> to the server? We are using SunOne for the LDAP.
>
> Any help would be greatly appreciated as I need to get this done as soon
> as possible.
>
> Thanks,
>
> Craig Nassal
>
> Federal Reserve Bank of Atlanta
> 1000 Peachtree St. N.E.
> Atlanta, Ga 30309-4470
> (404)498-8437
> [email protected]
>
> -------------------------------------------------------------
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
>
> For more info, see http://www.acfug.org/mailinglists
> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by http://www.fusionlink.com
> -------------------------------------------------------------
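
The two-pass flow described in the reply above (search for the DN, then bind as that DN), as an added CFML example that is not code from this thread. The host name, base DN, `uid` attribute, lookup service account, login character set and `application.ldapSvcPassword` are all assumptions to replace with your directory's values.

```cfml
<!--- Added example; every directory-specific value below is an assumption. --->
<cffunction name="ldapAuthenticate" returntype="boolean" output="false">
    <cfargument name="login" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <cfset var found = "">
    <cfset var check = "">
    <cfset var ldapHost = "ldap.example.org">          <!--- assumed host --->
    <cfset var baseDn = "ou=people,dc=example,dc=org"> <!--- assumed base DN --->

    <!--- A bind with an empty password can succeed as an anonymous bind on
          some servers, so it must never count as a successful login. --->
    <cfif NOT len(arguments.password)>
        <cfreturn false>
    </cfif>
    <!--- Allow-list the login (assumed character set) so filter
          metacharacters such as * ( ) \ never reach the search filter. --->
    <cfif NOT reFind("^[A-Za-z0-9._-]{1,64}$", arguments.login)>
        <cfreturn false>
    </cfif>

    <!--- Pass one: a lookup account (assumed) searches for the user's DN. --->
    <cfldap action="query" name="found"
            server="#ldapHost#" port="636" secure="CFSSL_BASIC"
            username="uid=svc-lookup,ou=services,dc=example,dc=org"
            password="#application.ldapSvcPassword#"
            start="#baseDn#" scope="subtree"
            filter="(uid=#arguments.login#)" attributes="dn" maxrows="2">
    <!--- Zero matches or an ambiguous match both fail closed. --->
    <cfif found.recordCount NEQ 1>
        <cfreturn false>
    </cfif>

    <!--- Pass two: bind as the DN found above with the supplied password.
          A rejected bind raises an exception, which is treated as a failed login. --->
    <cftry>
        <cfldap action="query" name="check"
                server="#ldapHost#" port="636" secure="CFSSL_BASIC"
                username="#found.dn#" password="#arguments.password#"
                start="#found.dn#" scope="base"
                filter="(objectClass=*)" attributes="dn">
        <cfreturn true>
        <cfcatch type="any">
            <cfreturn false>
        </cfcatch>
    </cftry>
</cffunction>
```

With `secure="CFSSL_BASIC"` the LDAP server's certificate has to be trusted by the JVM keystore ColdFusion runs on, as the reply notes.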
