Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsGeneralPHPASPPerlColdFusionFlashHTML, CSS, ScriptsBrowsers

Webmaster Forum / ColdFusion / Advanced Techniques / July 2007


Tip: Looking for answers? Try searching our database.

CLDAP - Windows 2003 DC

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Mattastic - 05 Jul 2007 14:58 GMT
Hi Guys,

Can anyone heklp me with this? I'mhaving terrinble problems trying to get this
to work, and I cant find any decent tutorials on the web.

I keep getting the Innapropriate Error message, everytime I try and query my
ldap server, as were using the Windows 2003 DC, would this cause problems?

Here is my code:

<cfldap
        action="QUERY"
        name="getinfo"
        attributes="cn, displayname, memberof"
        start="CN=Users,DC=halesowen,DC=ac,DC=uk"
        scope="subtree"
        separator="|"
        server="xxx.halesowen.ac.uk"
        username="xxxx"
        password="xxxx"

        filter="(&(objectclass=user)(samaccountname=#UserName#)(memberof=CN=STAFF_GROU
P,OU=Intranet Groups,DC=halesowen,DC=ac,DC=uk))">
Reply to this Message
cgsj_usa@yahoo.com - 06 Jul 2007 13:42 GMT
Your syntax looks correct.  So, are you sure that the username and password is
correct for accessing that functionality/server?  That's what I came across
when I first attempted using the cfldap tag.

I hope that this helps.

Thanks...Chris
Reply to this Message
Mattastic - 16 Jul 2007 14:50 GMT
Thanks for your reply.

Im not getting any errors , just a blank page, do you know if  there is some sort of extra security with windows 2003?
Reply to this Message
cgsj_usa@yahoo.com - 16 Jul 2007 15:04 GMT
Try getting rid of the "memberof" filter.  There's no need, since samAccountName should be unique.  See if that works.  Thanks.

Chris
Reply to this Message
Mattastic - 16 Jul 2007 15:20 GMT
Thanks again for your help

Still no luck, although I dont get an error message, just a blank page.
Reply to this Message
cgsj_usa@yahoo.com - 16 Jul 2007 17:18 GMT
Try encapsulating it with cftry/cfcatch tags and see if that gives you some
clues.  You can then output the errors, if there are any, using
cfcatch.message,cfcatch.details, etc.  Also, maybe there's no one with that
samAccountName attribute.  Where is "username" being defined?  Try stripping
away the multiple filter requirements.  Just use one filter right now - output
all users or just one user, but not one user in the user objectclass.  Thanks.

Chris
Reply to this Message
Mattastic - 24 Jul 2007 11:15 GMT
Hi Chris,

Ive nearly got this working now. JUst one more question, the memberof
attribute ,gives the groups with their path, is there anyway I can filter this?
As its quite a complicted list and difficult to work with, I just need the
group names:

CN=SophosAdministrator,CN=Users,DC=xx,DC=ac,DC=uk, CN=SMS,OU=Intranet
Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=Questionnaire,OU=Intranet
Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=ART,OU=Intranet
Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=IT Techie Level
1,CN=Users,DC=xx,DC=ac,DC=uk, CN=WEBMODS,OU=Intranet
Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=LESSON_OBS,OU=Intranet
Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=STAFF_GROUP,OU=Intranet
Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=webtest,CN=Users,DC=xx,DC=ac,DC=uk,
CN=web updaters,CN=Users,DC=xx,DC=ac,DC=uk, CN=Account
Operators,CN=Builtin,DC=xx,DC=ac,DC=uk,
CN=webmaster,CN=Users,DC=xx,DC=ac,DC=uk,
CN=Administrators,CN=Builtin,DC=xx,DC=ac,DC=uk, CN=Domain
Admins,CN=Users,DC=xx,DC=ac,DC=uk
Reply to this Message
cgsj_usa@yahoo.com - 24 Jul 2007 14:20 GMT
Try filtering just by the container (cn) or organization unit (ou)...not the entire memberOf attribute.  Thanks.

Chris
Reply to this Message
Michael - 31 Jul 2007 01:36 GMT
First, in case you haven't figured out the first problem, use CFDUMP.  Also,
make sure you are using a fully-qualified user account name such as
"domain\username" or "username@domain.com" in your CFLDAP query.

Second, in your CFLDAP query, you need to specify a SEPARATOR attribute of a
non-comma character.  You can usually get by with a pipe "|" character.  That
will return a list of pipe-separated group distinguishedNames.

You can then loop over that list of group DNs using the pipe as the list
separator.  Each iteration of the loop will give you the list DN with its own
parts separated by commas.  Use the ListFirst() function to get the group name
including the leading "CN=" characters.  You can then remove the "CN="
characters using several methods.

M!ke
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.