I'm looking at farcry_core.packages.security.authentication.getUser()
and it appears that if you attempt to get a user from ADSI, no check is
made to determine if that user is actually exists in the Active
Directory.

******* Existing ADSI Code ********

<cfcase value="ADSI">
  <cfscript>
    o_NTsec = createObject("component",
"#application.packagepath#.security.NTsecurity");
    userNotes = o_NTsec.getUserDescription(userName=userLogin,
domain=stUd[Userdirectory].domain);
                
    stUser = structNew();
    stUser.userID = userLogin;
    stUser.userLogin = userLogin;
    stUser.status = 4;
    stUser.userNotes = userNotes;
    stUser.userDirectory = userDirectory;
  </cfscript>
</cfcase>

******* End Existing ADSI Code ********

What I would like to do is change the above code to at least check for
the user's existence in AD.

******* Proposed ADSI Code ********

<cfcase value="ADSI">
  <cfscript>
    o_NTsec = createObject("component",
"#application.packagepath#.security.NTsecurity");
    //check to see that the user is in the directory
    userExists = o_Ntsec.userInDirectory(userName=userLogin,
domain=stUd[Userdirectory].domain);
                
    stUser = structNew();
    if (userExists) {
      stUser.userID = userLogin;
      stUser.userLogin = userLogin;
      stUser.status = 4;
      stUser.userNotes = o_NTsec.getUserDescription(userName=userLogin,
domain=stUd[Userdirectory].domain);;
      stUser.userDirectory = userDirectory;
    }
  </cfscript>
</cfcase>

******* End Proposed ADSI Code ********

This would cause getUser to return an empty structure for users not
found in the AD, which is what the method returns if a user is not found
in the Daemon directory. Does anyone see any problems with this? 

One thing that may still need sorting out is user status. For example, I
think it is possible for a user to exist in AD but not belong to a group
which has access to FarCry? Is this correct? If so, what should we
return for status in such cases?

Best,

--Nathan



---
You are currently subscribed to farcry-dev as: [EMAIL PROTECTED]
To unsubscribe send a blank email to [EMAIL PROTECTED]
Aussie Macromedia Developers: http://lists.daemon.com.au/

Reply via email to