I think you are onto something here Dave. I just gave your script a quick go - replaced GlobalGroup with my Organisational Unit (OU) and got a different list back when mapping the policy group (though it was not filtered - had users, machines, crap...). But alas, it still did not work. Enough for today - I will work on it again tomorrow morning.
Thanks for sharing...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Ross
Sent: Wednesday, 5 May 2004 19:29 PM
To: FarCry Developers
Subject: [farcry-dev] RE: Active Directory Integration - UPDATE III

actually.... this is exactly where it choked for me. I was wrong about what I said earlier... if you have the wrong domain, NTAuth.dll may work, and Jrun's ntauth will authenticate the user... but as soon as you try to get the user's groups (jrun's ntauth does this part too), it will fail. I should have told you to test this code:

<cfscript>
    o_NTAuth = createObject("java", "jrun.security.NTAuth");
    o_NTAuth.init("your_domain_here");
    groups = o_NTAuth.getUserGroups("your_username");
</cfscript>
<cfdump var="#groups#"/>

Are you sure the server is joined to the domain you are trying to use? I have little experience with activeDir (or network domain configuration), but I just went through this with a client so I thought I could share my experiences. I originally pulled the domain off of the server's system properties->networkID... for whatever reason, this was NOT the correct domain. It was actually the name of the domain that all the users around the client's network use to log into the workstations.

They did ask about which groups it was pulling... and this is the code that does it:

<cfscript>
    o_domain = createObject("COM", "NTAdmin.NTContainerManagement");
    aGroups = arrayNew(1);
    aGroups = o_domain.EnumerateContainer(arguments.domain,"GlobalGroup");
</cfscript>
<cfdump var="#aGroups#"/>

I'm guessing that the "GlobalGroup" attribute could be changed to something that would point at different OUs... but like I said I just don't know enough about activeDIR (and I was unable to find ANY documentation on ntauth.dll on the web). Most of my expertise with auth-integration stuff is with Novell NDS, in which case we'd be using cfldap anyways.
Hope that helps,
Dave

>>> [EMAIL PROTECTED] 05/05/04 3:14 AM >>>

Do you have to / is there a way of, selecting an Organisation Unit? In our Active Directory set up, the users are not in the top level 'users' folder, but have been added to an organisational Unit - one for each state.

Does anyone have or know where I can get an object model for the NTAdmin.dll COM - something that shows all the functions and what parameters they take.

Thanks.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Mercer
Sent: Wednesday, 5 May 2004 14:42 PM
To: FarCry Developers
Subject: [farcry-dev] RE: Active Directory Integration - UPDATE II

I have tracked this down a bit further - looks like a problem returning groups logging in ...

<cfscript>
    arguments.userName = 'andrewm';
    arguments.password = 'xxxxxx';
    o_NTAuth = createObject("java", "jrun.security.NTAuth");
    o_NTAuth.init("power.net.au");
    // authenticateUser throws an exception if it fails
    o_NTAuth.authenticateUser(arguments.userName,arguments.password);
</cfscript>
done<br>
<cfscript>
    NTgroups = o_NTAuth.GetUserGroups(arguments.userName);
    groups = arrayToList(NTgroups);
</cfscript>

Crashes on the second cfscript with:

The system has attempted to use an undefined value, which usually indicates a programming error, either in your code or some system code. Null Pointers are another name for undefined values.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Mercer
Sent: Wednesday, 5 May 2004 11:45 AM
To: FarCry Developers
Subject: [farcry-dev] RE: Active Directory Integration - UPDATE

Update - tracking down the login path...

farCry\farcry_core\packages\security\_NTsecurity\authenticateUser.cfm set bAuth to True

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Mercer
Sent: Wednesday, 5 May 2004 11:08 AM
To: FarCry Developers
Subject: [farcry-dev] RE: Active Directory Integration

Thanks Dave.
The login works with the same details I have entered into the farCry setup (and does crash with incorrect password). So would that then suggest that I have a problem with the group mapping and that group not having 'admin' permissions?

Just out of interest, does your sample script require that NTAdmin.dll be installed and registered?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Ross
Sent: Wednesday, 5 May 2004 10:43 AM
To: FarCry Developers
Subject: [farcry-dev] RE: Active Directory Integration

not, it works.... you just have to make sure that the "type" member is set to "ADSI". Also, make sure you've entered the correct domain... I entered the wrong one the first time and this snagged me bad, because you can still map groups, but the jrun ntauth stuff won't work without the right domain.

test this code outside of farcry...see what you get

<cfscript>
    o_NTAuth = createObject("java", "jrun.security.NTAuth");
    o_NTAuth.init("your_domain_here");
    // authenticateUser throws an exception if it fails
    o_NTAuth.authenticateUser("your_username","your_password");
</cfscript>

-dave

>>> [EMAIL PROTECTED] 05/04/04 9:45 PM >>>

I have just gone back over some email that Paul Harrison sent me, and now I am not sure if I have missed something.

Once I have set up dm_SecUserDirectories.cfm to use Active Directory, does farCry automatically know to authenticate users via Active Directory? Or do I need to create my own authentication.cfc and authorisation.cfc?

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Mercer
Sent: Tuesday, 4 May 2004 14:44 PM
To: FarCry Developers
Subject: [farcry-dev] Active Directory Integration

I have just followed the instruction to set up Active Directory integration and can see all the groups from Active Directory Server when doing the 'map policy group'. Then it says users in that AD group can log in. This is the bit that has come undone.
In the dm_SecUserDirectories.cfm, do I have to remove the ClientID settings, or can they run side by side?

When I enter my name and incorrect password it comes back with a login error. The correct combination just comes back to the login screen - no error.

Regards,

Andrew Mercer
Senior Developer
Power Business Systems
18-20 Piccadilly Square
7 Aberdeen Street
Perth WA 6000
T: +61 8 9221 1182
F: +61 8 9325 5198
E: [EMAIL PROTECTED]
W: www.power.net.au
--- You are currently subscribed to farcry-dev as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED]

MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004
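
An added diagnostic example, not part of the original thread and not FarCry's own code: it runs the authentication step and the group lookup discussed in the thread as separate stages, so a failing or empty group lookup is reported by stage and treated as "no groups" rather than crashing the page. The domain, username and password strings are placeholders, and the `result` struct and its keys are assumptions made for illustration.

```cfm
<!--- Added example. Placeholders: your_domain_here, your_username, your_password --->
<cfscript>
    // "result" and its key names are illustrative, not FarCry's
    result = structNew();
    result.authenticated = false;
    result.groups = "";
    result.stage = "init";
    result.error = "";

    try {
        o_NTAuth = createObject("java", "jrun.security.NTAuth");
        o_NTAuth.init("your_domain_here");

        // Stage 1: authenticateUser throws an exception if it fails
        result.stage = "authenticate";
        o_NTAuth.authenticateUser("your_username", "your_password");
        result.authenticated = true;

        // Stage 2: the group lookup, the call that failed in the thread
        result.stage = "groups";
        NTgroups = o_NTAuth.getUserGroups("your_username");

        // A Java null leaves the CFML variable undefined, so test before use
        if (isDefined("NTgroups")) {
            result.groups = arrayToList(NTgroups);
            result.stage = "done";
        } else {
            result.error = "getUserGroups returned no value";
        }
    } catch (Any e) {
        // result.stage still names the step that threw
        result.error = e.message;
    }

    // Fail closed: authenticated but no group list means no mapped permissions
    result.authorised = result.authenticated and len(result.groups) gt 0;
</cfscript>
<cfdump var="#result#"/>
```

A dump showing `authenticated` true with `stage` left at "groups" matches the symptom in the thread: the password check passes but the group lookup fails.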
