Webmaster Forum / ColdFusion / Advanced Techniques / March 2008
Querying a secure CFLDAP

DettCom - 28 Mar 2008 22:08 GMT
Hello all,

I have been pulling my hair out trying to figure out why my CFMX7 box will not
authenticate with a secure LDAP. I have been able to query using ldp.exe from
Microsoft but nothing with CF. I have been all over the Internet looking for
solutions and suggestions but nothing has helped.

I believe I imported the crt correctly but I suspect that is where I am
experiencing the breakdown.

Here is the code:
<cfldap
    server = "#domain#"
    action = "query"
    name = "results"
    start = "dc=school,dc=edu"
    filter = "(sAMAccountName=aasmith)"
    port = "636"
    username = "username"
    password = "password"
    attributes = "ldapDisplayName"
    secure = "cfssl_basic">

I imported the crt before and tried again just in case, and it said that it was
already there. I would like to delete the alias out and start over but could
not. Can someone help me with this?

Thanks!!!
cf_jimmy - 28 Mar 2008 22:47 GMT
have you looked at this?

http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_19139
DettCom - 28 Mar 2008 23:13 GMT
Yes, I thought I followed it to the tee. However it still is not working. I
tried to run "keytool -list -keystore cacerts -alias ldapserver-cert -storepass
changeit -v" to check the cert but it just came back with a list of all the
functions.

Any idea? Thanks
cf_jimmy - 28 Mar 2008 23:26 GMT
depending on where you've installed CF, you may need to change these paths -

Open a command prompt and cd to "C:\CFusionMX7\runtime\jre\bin"

From here you can feed the command prompt the following command (on one line):

keytool -list -storepass changeit -noprompt -keystore
C:\CFusionMX7\runtime\jre\lib\security\cacerts

Example:

C:\CFusionMX7\runtime\jre\bin>keytool -list -storepass changeit -noprompt
-keystore C:\CFusionMX7\runtime\jre\lib\security\cacerts

This should list out all the current certs.

This blog post has more info as well -
http://www.coldfusionmuse.com/index.cfm/2005/01/29/keystore
cf_jimmy - 28 Mar 2008 23:33 GMT
also, you didn't say what error message, if any, you were receiving when
making the ldap call. If it's 'connection failure' then it's almost a guarantee
that the issue is with the cert not being imported or configured properly.
DettCom - 28 Mar 2008 23:39 GMT
Here is the error message:

Connection to LDAP Server failed
DettCom - 28 Mar 2008 23:45 GMT
I just ran the list function and I do not see the certificate anywhere. In
addition, I just ran another one which was Starfield.cer (godaddy) and I do not
see it in there either. I made sure to restart CF after each time.

Thanks!!
DettCom - 29 Mar 2008 00:30 GMT
We also have a version of CF5 running and I understand that it is a bit easier
to configure. Can you tell me where I could find the certificate_db? I am
trying this: secure="CFSSL_BASIC, C:\cfusion\ldap\certificate_db"

However I get the following error:

Invalid security information for security type "CFSSL_BASIC" was provided
within the SECURITY attribute. Please refer to the documentation for the
correct format of this multi-field string value. Error: The path component,
"C:\cfusion\ldap\certificate_db", specifies a file that does not exist.

Thanks for all your help!!
DettCom - 29 Mar 2008 00:46 GMT
I think there may be an issue with how I name the alias. Would I name the alias ldap.domain.edu if that is the server I was querying (server = "ldap.domain.edu")???
DettCom - 30 Mar 2008 18:36 GMT
Well, believe it or not, I figured it out. It was only after reading this
post
(http://www.numtopia.com/terry/blog/archives/2006/07/importing_ssl_certificates_with_keytool_finally.cfm)
that I started thinking that I remember I would
import certificates and then run a list to make sure that they were in there.
I could never find them and the total amount would always stay at 106.

I then entered the following (replace "whateverthecertis"): keytool -import
-keystore C:\CFusionMX7\runtime\jre\lib\security\cacerts -file
whateverthecertis.cer -alias whateverthecertis

All of the documentation examples I read (which was quite a bit) always had
"-keystore cacerts" which places it in the same directory as the keytool
(C:\CFusionMX7\runtime\jre\bin). Therefore the CF server never sees it.

I hope this helps someone as it would have saved me a week.
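The two practical steps in this thread, listing the keystore to confirm a certificate is really there (cf_jimmy's post) and importing with an absolute -keystore path so the entry lands in the trust store ColdFusion actually loads rather than in a "cacerts" file in the current directory (DettCom's fix), can be wrapped in one script. The POSIX shell script below is an added example, not code from the thread or from Adobe; it assumes the CF root contains runtime/jre (the Windows path C:\CFusionMX7 maps to that root), the default keystore password "changeit", and keytool on PATH. The sample keytool listing embedded in it is constructed for the parsing helpers and is not real output.

```shell
#!/bin/sh
# Added example: verify and import an LDAP server certificate into the JRE
# trust store that ColdFusion MX7 loads. Assumptions: CF root layout
# <root>/runtime/jre, keystore password "changeit", keytool on PATH.
set -u

# Absolute path of the trust store the CF-bundled JRE reads. Passing this to
# -keystore avoids the pitfall of "-keystore cacerts", which is resolved
# against the current working directory (e.g. ...\jre\bin), not the JRE.
cf_cacerts_path() {
    printf '%s/runtime/jre/lib/security/cacerts\n' "$1"
}

# Read `keytool -list` output on stdin; succeed if ALIAS ($1) is an entry.
# Non-verbose keytool prints each entry as "<alias>, <date>, <entry type>,".
alias_in_listing() {
    awk -v a="$1" -F', ' '$1 == a { found = 1 } END { exit !found }'
}

# Read `keytool -list` output on stdin; print the entry count keytool reports
# ("Your keystore contains N entries"), useful for a before/after comparison.
keystore_entry_count() {
    awk '/^Your keystore contains/ { print $4; exit }'
}

# Constructed sample listing (not real output) for exercising the helpers.
SAMPLE_LISTING='Keystore type: jks
Keystore provider: SUN

Your keystore contains 107 entries

ldap.example.edu, Mar 30, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
verisignclass3ca, Jun 29, 1998, trustedCertEntry,
Certificate fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67'

# Live helpers: these call keytool against a real keystore.
list_keystore() {           # $1 = keystore path
    keytool -list -storepass changeit -keystore "$1"
}

cert_alias_present() {      # $1 = keystore path, $2 = alias
    list_keystore "$1" | alias_in_listing "$2"
}

import_cert() {             # $1 = keystore path, $2 = .cer file, $3 = alias
    keytool -import -noprompt -trustcacerts -storepass changeit \
        -keystore "$1" -file "$2" -alias "$3"
}

# Driver: run as  ./script.sh <CF_ROOT> <server.cer> <alias>
# (skipped when sourced or run without arguments).
if [ $# -eq 3 ]; then
    ks=$(cf_cacerts_path "$1")
    [ -f "$ks" ] || { echo "keystore not found: $ks" >&2; exit 1; }
    before=$(list_keystore "$ks" | keystore_entry_count)
    if cert_alias_present "$ks" "$3"; then
        echo "alias '$3' already present in $ks"
    else
        import_cert "$ks" "$2" "$3"
    fi
    after=$(list_keystore "$ks" | keystore_entry_count)
    echo "entries before/after import: $before/$after"
    cert_alias_present "$ks" "$3" && echo "alias '$3' confirmed; restart ColdFusion so the JVM reloads the trust store"
fi
```

If the entry count does not change after the import, the certificate went into some other file; compare the path printed by cf_cacerts_path with the -keystore argument you used, and remember that CF only picks up the new entry after a restart.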
©2008 Advenet LLC