Well, that one worked for me and of course made me more determined to figure out what the difference was. It turns out that Adobe CF defaults its search scope to "oneLevel" while OpenBD is "base" which would return no results at the level I was starting at. It plainly states that in Adobe's CFDocs which I honestly never paid attention to and just took for granted the fact that it worked. It just happened to work because all the OUs we have to search are only one level deep.
So, I'll put another notch in my "stupid mistakes" column and apologize to everyone for bothering them for nothing. To all who gave me some help with this, thank you for your time. On Fri, Jan 30, 2009 at 11:47 AM, Paul Bonfanti <[email protected]> wrote: > The following worked for me with my Active Directory. Could you try it > and see if it works for you? > > > > <!--- Username can be "NEWATLANTA\Administrator" or > "[email protected]" or "administra...@newatlanta"---> > > <cfldap server = "<myserver>" > > username="administra...@newatlanta" > > password="<mypassword>" > > action = "query" > > name = "results" > > START = "cn=Users, dc=newatlanta, dc=local" > > attributes = "cn"> > > > > <cfdump var="#results#"> > > > > Paul > > > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *Anthony Hixon, Jr. > *Sent:* Thursday, January 29, 2009 10:55 AM > > *To:* [email protected] > *Subject:* [OpenBD] Re: cfsearch Question > > > > Same results. Nothing from OpenBD. 1000 rows returned from Adobe CF. > > On Thu, Jan 29, 2009 at 10:16 AM, Paul Bonfanti <[email protected]> > wrote: > > Maybe OpenBD is not handling the filter attribute properly. What happens if > you remove it. > > > > Paul > > > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *Anthony Hixon, Jr. > *Sent:* Thursday, January 29, 2009 9:57 AM > > > *To:* [email protected] > *Subject:* [OpenBD] Re: cfsearch Question > > > > Well, as I suspected you can't use "*" for attributes because it exceeds > the size limit for queries of Active Directory so I basically dropped it to > "cn" only: > > <cftry> > <cfldap action="query" > name="getCN" > attributes="cn" > start="dc=mydomain,dc=org" > filter="(&(objectclass=user))" > server="dc1" > username="[email protected]" > password="password" > separator=";"> > <cfcatch type="ANY"> > <cfoutput>#cfcatch#</cfoutput> > </cfcatch> > <cfdump var="#variables.getCN#"> > <cfset queryRan="Yes"> > <cfoutput>#queryRan#</cfoutput> > </cftry> > > Of course I'm getting no cfcatch output because the cfldap query is running > but returning nothing. Running this same query from Adobe CF returns the > 1000 row limit from Active Directory as expected. > > On Wed, Jan 28, 2009 at 3:35 PM, Paul Bonfanti <[email protected]> > wrote: > > There shouldn't be but there could be a bug in OpenBD with how it handles > the attributes or filter attribute. > > > > Paul > > > > *From:* [email protected] [mailto:[email protected]] *On > Behalf Of *Anthony Hixon, Jr. > *Sent:* Wednesday, January 28, 2009 3:32 PM > > > *To:* [email protected] > *Subject:* [OpenBD] Re: cfsearch Question > > > > So there is a difference in the two cfldap implementations? > > > > I'm out of the office right now so I can't test your suggestions. > > Sent from my iPhone > > Anthony Hixon, Jr. > > Certified ColdFusion MX7 Advanced Developer > > Mobile: (706) 639-3617 > > Email: [email protected] > > > On Jan 28, 2009, at 3:23 PM, Paul Bonfanti <[email protected]> wrote: > > If it's not erroring out then I'd try testing different scenarios to see > if you can find one that works. For example, maybe you could try setting > attributes to '*' and don't set a filter attribute to see if that returns > anything. This would help rule out it being an issue with the attributes and > filter attribute. > > > > Paul > > > > *From:* [email protected] > [mailto:[email protected]<[email protected]>] > *On Behalf Of *Anthony Hixon, Jr. > *Sent:* Wednesday, January 28, 2009 3:04 PM > *To:* [email protected] > *Subject:* [OpenBD] Re: cfsearch Question > > > > We already use the u...@domain format for our credentials so that's not > the holdup. As I said in my earlier post, I have Adobe CF running on the > same box as OpenBD for testing and the same cfldap query returns the correct > information. > > > > The cfldap tag itself is not erroring out on OpenBD, it's just not > returning anything whereas it is from Adobe's side. Basically for testing, > I'm just asking for memberOf, cn, and mail attributes for a user account > based on saMAccountName. > > Sent from my iPhone > > Anthony Hixon, Jr. > > Certified ColdFusion MX7 Advanced Developer > > Mobile: (706) 639-3617 > > Email: [email protected] > > > On Jan 28, 2009, at 2:44 PM, Paul Bonfanti <[email protected]> wrote: > > In the username attribute, make sure you are also specifying the domain > of the active directory. For example, DOMAIN\username or > [email protected] that will fix it for you. > > > > Paul > > > > *From:* [email protected] > [mailto:[email protected]<[email protected]>] > *On Behalf Of *Anthony Hixon, Jr. > *Sent:* Wednesday, January 28, 2009 2:36 PM > *To:* [email protected] > *Subject:* [OpenBD] Re: cfsearch Question > > > > I'm stumped on this one, but Matt has generously agreed to help me sort > this one out because as I told him without this working, we'll have to give > up on Open BD for now. Windows AD authentication is used as the primary > authentication mechanism for all of our CF applications. > > If anyone has any ideas, I'd be grateful for their insight. > > Thanks again! > > On Wed, Jan 28, 2009 at 2:04 PM, Anthony Hixon, Jr. <[email protected]> > wrote: > > Update. > > I tested the same CFLDAP code on the same Ubuntu box but with Adobe's > ColdFusion and it works perfectly. > > So, is there something different about OpenBD's CFLDAP implementation? > > > > On Tue, Jan 27, 2009 at 2:07 PM, Anthony Hixon, Jr. <[email protected]> > wrote: > > Worked perfectly. Thank you! > > Now, another question. I've been banging my head on this one for hours. > > Would it be possible for someone to test a cfldap query for just some basic > info like givenName or CN against a Windows 2003 AD from an OpenBD/Jetty > setup on Linux? I cannot get anything to come back from some code that works > from an IIS web server when I try it from my OpenBD/Jetty server. CFLDAP > shouldn't care where it runs from as long as the querying credentials are > sufficient correct? I'd even be happy if someone told me "No, stupid you > need to do this...". This is driving me crazy. > > > > On Tue, Jan 27, 2009 at 11:18 AM, Andy Wu <[email protected]> wrote: > > > Yes, try creating it via the cfcollection tag with storebody=true. > > > Andy > > Anthony Hixon, Jr. wrote: > > > Should I just generate the collection through code at this point and > > set the STOREBODY attribute to TRUE? Is that how it is set? > > > > > > -- > Anthony Hixon, Jr. > Certified Advanced ColdFusion MX 7 Developer > Mobile: (706) 639-3617 > [email protected] > > > > > -- > Anthony Hixon, Jr. > Certified Advanced ColdFusion MX 7 Developer > Mobile: (706) 639-3617 > [email protected] > > > > > -- > Anthony Hixon, Jr. > Certified Advanced ColdFusion MX 7 Developer > Mobile: (706) 639-3617 > [email protected] > > > > > > > > > > > > > > > > > > > > > -- > Anthony Hixon, Jr. > Certified Advanced ColdFusion MX 7 Developer > Mobile: (706) 639-3617 > [email protected] > > > > > > > > > -- > Anthony Hixon, Jr. > Certified Advanced ColdFusion MX 7 Developer > Mobile: (706) 639-3617 > [email protected] > > > > > -- Anthony Hixon, Jr. Certified Advanced ColdFusion MX 7 Developer Mobile: (706) 639-3617 [email protected] --~--~---------~--~----~------------~-------~--~----~ Open BlueDragon Public Mailing List http://groups.google.com/group/openbd?hl=en official site @ http://www.openbluedragon.org/ !! save a network - trim replies before posting !! -~----------~----~----~----~------~----~------~--~---
