
LDAP question...


Ross1811

MIS
Oct 1, 2004
122
US
I am trying to authenticate with ColdFusion to an NT domain.

How do you find out which server is the LDAP server?? Is that the one with the Domain Controller? If not, where does it usually default to, or do I have to install it? For example

root = "o=Monash University,c=AU";
servername = "directory.monash.edu.au";


What do the "o" and "c" exactly mean? The server name is the domain controller?

Thanks,
Ross
 
Your domain controller is going to be the server you use. If you have an Exchange 2000 server, you can use it, but I always just stick to the domain controllers.

Here's a working example of how I have cfldap set up:
Code:
<cfldap action="QUERY"
        name="auth"
        attributes="mail,userPrincipalName,cn,dn,displayName,sAMAccountName"
        start="DC=DomainName, DC=com"
        scope="SUBTREE"
        filter="sAMAccountName=#Form.Username#"
        server="dc1.domainname.com"
        username="domain\#Form.Username#"
        password="#Form.Password#">



Hope This Helps!

ECAR
ECAR Technologies, LLC

"My work is a game, a very serious game." - M.C. Escher
 
Ok I have tried that and I still get the error,

Element RECORDCOUNT is undefined in USERSEARCH.

Do I have to define RecordCount somehow??? It gets made at this line of code, userSearch.recordcount. It seems to me like it is not connecting right or something?


Ross
 
Did you change name="auth" to name="USERSEARCH"?



Hope This Helps!

ECAR
ECAR Technologies, LLC

"My work is a game, a very serious game." - M.C. Escher
 
Here is some of the code that took me 4 days to make work. I borrowed from several sources including from several on this forum.

This is for CF6. The newest version of CF has a tag that makes LDAP access much easier.

Make sure you have SSL running or you will be sending passwords across your network in the clear.

Use CFDUMP frequently to check your output and build and test small sections at a time.

Download a copy of Softerra LDAP browser. This can help you figure out your Active Directory configuration.

Good luck.

Code:
<CFSET ApFormName = "main2.cfm">

<!--- Force the user to login --->
<!--- This code only executes if the user has not logged in yet --->
<!--- Once the user is logged in via <cfloginuser>, this code is skipped --->
<CFLOGIN>

<!--- If the user hasn't gotten the login form yet, display it --->
<CFIF not(IsDefined("Form.s_name") AND IsDefined("Form.s_password"))>
    <CFINCLUDE TEMPLATE="LDAP_login.cfm">
    <CFABORT>

<!--- Otherwise, the user is submitting the login form --->
<!--- This code decides whether the username and password are valid --->
<CFELSE>

    <!--- Find record with this Username/Password --->

    <!--- BEGIN LDAP QUERY SECTION --->

    <CFIF isDefined("Form.s_name")>
        <!--- setting basic attributes --->
        <CFSET LDAP_root = "DC=yourdomain, DC=com">
        <CFSET LDAP_server = "10.99.0.1">
        <!--- These attributes are used in the first search. --->
        <!--- This filter will look for the user's ID. --->
        <CFSET userfilter = "sAMAccountName=#Form.s_name#">
        <!--- Need directory manager's cn and password to get the user's
              password from the directory --->
        <CFSET LDAP_username = "domain.com\admin">
        <CFSET LDAP_password = "xxxxxxxxxx">
        <!--- Search for the user's dn information. This is used later to
              authenticate the user. NOTE: I do this as the Directory Manager to ensure access to the
              information --->
        <CFSET UserSearchFailed = false>
        <CFSET PasswordSearchFailed = false>
        <CFTRY>
            <!--- PORT: 333 is the value used here; ask your Admin for the correct port --->
            <CFLDAP
                ACTION="QUERY"
                NAME="userSearch"
                ATTRIBUTES="userPrincipalName, cn, sAMAccountName, dn"
                START="#LDAP_root#"
                SCOPE="SUBTREE"
                PORT="333"
                SERVER="#LDAP_server#"
                FILTER="#userfilter#"
                USERNAME="#LDAP_username#"
                PASSWORD="#LDAP_password#">

            <CFCATCH TYPE="Any">
                <CFSET UserSearchFailed = true>
            </CFCATCH>
        </CFTRY>

        <!--- If user search failed or returns 0 rows, abort.
              Test the flag first: when the query threw, the userSearch query
              was never created and reading userSearch.recordcount would
              itself error ("Element RECORDCOUNT is undefined in USERSEARCH") --->
        <CFIF UserSearchFailed OR NOT userSearch.recordcount>
            <CFLOCATION URL="LDAP_fail_name.cfm">
            <CFABORT>
        </CFIF>
        <!--- Pass the user's DN and password to see if the user authenticates,
              and get the user's roles --->
        <CFTRY>
            <CFLDAP
                ACTION="QUERY"
                NAME="auth"
                ATTRIBUTES="userPrincipalName, cn, dn, sAMAccountName"
                START="#LDAP_root#"
                SCOPE="SUBTREE"
                PORT="333"
                SERVER="#LDAP_server#"
                FILTER="#userfilter#"
                USERNAME="domain.com\#Form.s_name#"
                PASSWORD="#Form.s_password#">

            <CFCATCH TYPE="any">
                <!--- Both branches send the user to the same page; the CFIF is
                      kept so a different page can be used for bad credentials --->
                <CFIF FindNoCase("Invalid credentials", cfcatch.detail)>
                    <CFLOCATION URL="LDAP_fail_pword.cfm">
                    <CFABORT>
                <CFELSE>
                    <CFLOCATION URL="LDAP_fail_pword.cfm">
                    <CFABORT>
                </CFIF>
            </CFCATCH>
        </CFTRY>

    </CFIF>
    <!--- END LDAP QUERY SECTION --->

    <!--- If the username and password are correct --->
    <CFIF auth.RecordCount NEQ 1>
        <CFLOCATION URL="LDAP_fail_either.cfm">
    <CFELSE>
        <!--- EXCLUSIVE lock: session variables are written inside it --->
        <CFLOCK TIMEOUT="90" SCOPE="SESSION" TYPE="EXCLUSIVE">
            <CFSET session.LoggedIn = "Yes">
            <CFSET Session.MM_Username = FORM.s_name>
            <CFSET session.FullName = auth.cn>
            <!--- keeps the submitted password in the session --->
            <CFSET Session.MM_UserAuthorization = FORM.s_password>
            <CFLOCATION URL="#ApFormName#">
        </CFLOCK>
    </CFIF>
</CFIF>
</CFLOGIN>
<html>
<head>
<TITLE>Login</TITLE>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="../../Acss.css" type="text/css">
</head>
<body>
</body>
</html>
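Both replies above build the same thing: a cfldap query that binds to a domain controller with the credentials the user typed, and treats a one-row result as a successful login. The following is an added example written for this thread, not code from either poster, that keeps that design and adds the checks a reviewer would ask for: the form value is escaped before it is placed in the filter (the characters RFC 4515 reserves, so a submitted name cannot alter the filter's structure), an empty password is rejected before the bind (an LDAP simple bind with a username and an empty password is an anonymous bind, so the query could otherwise succeed without the password ever being checked), and the connection uses cfldap's secure="CFSSL_BASIC" on port 636, which is how the SSL the third poster asks for is turned on. The server name, the DC= base, the NetBIOS domain, the template names and the form field names are placeholders. On the original question: start is the base DN of the search; in the Monash example o= is the organization and c= the country, while an Active Directory domain is written as DC= components, as in the first reply.

```cfml
<cfscript>
// Escape the characters RFC 4515 reserves inside an LDAP filter value
// so the structure of the filter is fixed by the template, not by the form.
function ldapFilterEscape(value) {
    var out = "";
    var i = 0;
    var c = "";
    for (i = 1; i LTE Len(value); i = i + 1) {
        c = Mid(value, i, 1);
        if (c EQ "\")          out = out & "\5c";
        else if (c EQ "*")     out = out & "\2a";
        else if (c EQ "(")     out = out & "\28";
        else if (c EQ ")")     out = out & "\29";
        else if (c EQ Chr(0))  out = out & "\00";
        else                   out = out & c;
    }
    return out;
}
</cfscript>

<!--- Reject missing or empty credentials before contacting the directory:
      a simple bind with an empty password is an anonymous bind, so the
      query below could succeed without proving who the user is --->
<cfif NOT (IsDefined("Form.Username") AND IsDefined("Form.Password"))
      OR NOT Len(Trim(Form.Username)) OR NOT Len(Trim(Form.Password))>
    <!--- login_form.cfm is a placeholder template name --->
    <cfinclude template="login_form.cfm">
    <cfabort>
</cfif>

<cfset safeUser = ldapFilterEscape(Form.Username)>

<cftry>
    <!--- Bind as the user (the DC verifies the password) and look the account
          up in one query. dc1.domainname.com, DC=DomainName,DC=com and the
          DomainName\ prefix are placeholders for your own domain. --->
    <cfldap action="QUERY"
            name="auth"
            attributes="cn,sAMAccountName,dn"
            start="DC=DomainName,DC=com"
            scope="SUBTREE"
            filter="(sAMAccountName=#safeUser#)"
            server="dc1.domainname.com"
            port="636"
            secure="CFSSL_BASIC"
            username="DomainName\#Form.Username#"
            password="#Form.Password#">
    <cfcatch type="any">
        <!--- Bad credentials and an unreachable server both land here; the
              form gets the same answer either way, the detail goes to the log --->
        <cflog file="ldap_auth" text="bind failed for #Form.Username#: #cfcatch.message#">
        <cfset auth = QueryNew("cn,sAMAccountName,dn")>
    </cfcatch>
</cftry>

<cfif auth.recordCount EQ 1>
    <!--- exclusive lock because session variables are written here --->
    <cflock scope="session" type="exclusive" timeout="10">
        <cfset session.loggedIn = true>
        <cfset session.username = auth.sAMAccountName>
        <cfset session.fullName = auth.cn>
    </cflock>
    <!--- main.cfm is a placeholder for the page shown after login --->
    <cflocation url="main.cfm">
<cfelse>
    <cfinclude template="login_form.cfm">
    <cfabort>
</cfif>
```

The session ends up holding only the account name and cn; the password is used for the bind and then dropped. The empty cfldap query created in the cfcatch is what lets the final cfif read auth.recordCount without the "Element RECORDCOUNT is undefined" error from earlier in the thread, since the query variable then exists whether or not the bind succeeded.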
 