Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsGeneralPHPASPPerlColdFusionFlashHTML, CSS, ScriptsBrowsers

Webmaster Forum / ColdFusion / Advanced Techniques / June 2005


Tip: Looking for answers? Try searching our database.

Username and password from web based authentication

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Bart Lemmens - 28 Jun 2005 11:09 GMT
Hello,

I'm using web based authentication to protect some web pages.
The user-id's and passwords are stored in Active Directory.
I need the user-id an password from the web based authentication
to launch an LDAP Query.

Can someone provide me code to use the user-id and the password in the LDAP
Query?
I tried cflogin.username and cflogin.password, but I can't get it to work.

----------------------------- Example LDAP Query -----------------------------

<cfldap action="query"
    name="results"
    start="dc=xxx,dc=xxx,dc=xxx"
    attributes="sn,givenname,department,telephoneNumber,mobile,mail"
    filter="(&(objectclass=*)(Company="xxx"))"
    sort="sn"
    server="xx.xx.xx.xx"
    username="#cflogin.username#"
    password="#cflogin.password#">
Reply to this Message
MikerRoo - 28 Jun 2005 11:33 GMT
You need to use:
 username="#cflogin.name#"
password="#cflogin.password#">

If you roll a login form it needs to use the magic form names j_username and
j_password.

More info is at
http://livedocs.macromedia.com/coldfusion/7/htmldocs/wwhelp/wwhimpl/common/html/
wwhelp.htm?context=ColdFusion_Documentation&file=00000287.htm.

Regards,
-- MikeR
Reply to this Message
Bart Lemmens - 28 Jun 2005 12:14 GMT
Currently the code is in application.cfm.

How can I use the content of these variables in other cfm files in the same
map?

For example to query the ldap server and provide a list of users and telephone
numbers (list.cfm)?
Reply to this Message
MikerRoo - 30 Jun 2005 05:58 GMT
There are two main uses of LDAP in this context.

1) Inside a  CFLogin tag, pass the user's name and password to the LDAP server
in a bind-only operation.   You typically don't (or even can't) return results
-- you are just learning if the user authenticates.  
When you use LDAP for auth, you should have the login page posted with SSL and
you should connect to the LDAP server using SSL (if your server supports it).

2) To search an LDAP directory, you usually do not use a username or password
at all.   If you do, it is a special account provided by your LDAP admin, not
the user's account.  (Often the user can bind but not query).

Anyway, your question seems to have changed.   You need to clarify a little
more.
Do you want to authenticate a user, or query the directory, or both?    Do not
try to do both with the same LDAP call.

The results of your LDAP call are available in the query you specify with the
name attribute.  In this case, you used "results".   So you can use the code:
<CFDUMP var="#Results#"> to see what was returned.   Use this query like any
other.

Do you want to preserve the username outside of the cflogin tag?   The
password (not a good idea)?

For your list of telephone numbers, create a new LDAP call (in list.cfm
perhaps) and do not use a username and password unless your ldap admin requires
it.

-- MikeR
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.