brianlees


CFLDAP "filter" error when accessing Win2k AD server

I am attempting to authenticate against our Windows 2000 AD server via the CFLDAP tag.  Here is what I have:

<cfldap action="query" name="VerifyUser"
      start="ou=Accounts"
      scope="subtree"
      attributes="UID,dn,username,password"
      filter= "(&(username=#form.Username#)
            (Password=#form.Password#))"
      server="adserver"
      username="cn=directoryadmin"
      password="pass">

Here is the error I am getting:


Attribute validation error for tag CFLDAP.  
The value of the attribute filter, which is currently "(&(username=testuser) (Password=12345))", is invalid.  
 
The error occurred in D:\WebsiteDirectories\Portal\WebApps\Login_Process.cfm: line 22
 
20 :       filter= "(&(username=#form.Username#)
21 :       (Password=#form.Password#))"
22 :       server="adserver"
23 :       username="cn=directoryadmin"
24 :       password="pass">


I am totally clueless.  I got this information out of the "ColdFusion MX: The complete reference" book...chapter 17.
 
James Rodgers

I think you need another & in the filter

filter= "(&(username=#form.Username#) & (Password=#form.Password#))"
brianlees

ASKER

Nope...same error even with the extra &.

Are the attributes themselves incorrect?  I am amazed at the lack of information on this on the web!  Ugh, this would be straightforward if I were an AD genius and CF guru, but I am neither.
Are there fields in the LDAP called username and password?

Try this; it will give you a list of the columns in the LDAP. CF5+ or maybe MX only, can't remember.

<CFLDAP NAME="OrgList"
   SERVER="ldapserver"
   ACTION="QUERY"
   ATTRIBUTES="*"
   SCOPE="subtree"
   FILTER="(uid=your_email_id)"
   MAXROWS="1"
   START="c=US">
<cfdump var="#OrgList#">
<CFLOOP query="OrgList">
      <CFIF OrgList.Name eq "ID">
          This is the ID column
      <CFELSE>
            <CFOUTPUT>#OrgList.Name#</cfoutput>
      </CFIF>
      <BR>
</CFLOOP>
<CFSET VARIABLES.OrgListColumns = ValueList(OrgList.Name)>
<CFOUTPUT>#VARIABLES.OrgListColumns#</CFOUTPUT>
Used this:

<cfldap
   action="query" name="OrgList"
   start="c=US"
   scope="subtree"
   maxrows="1"
   attributes="*" filter="(uid=testuser)"
   server="server" username="user" password="pass">

Got this error:

An error has occured while trying to execute query :[LDAP: error code 1 - 000020D6: SvcErr: DSID-0310067F, problem 5012 (DIR_ERROR), data 0 ].  
One or more of the required attributes may be missing/incorrect or you do not have permissions to execute this operation on the server  
 
The error occurred in D:\WebsiteDirectories\Portal\WebApps\index.cfm: line 16
 
14 :    scope="subtree"
15 :    maxrows="1"
16 :    attributes="*" filter="(uid=testuser)"
17 :    server="server" username="user" password="pass">
18 : <cfdump var="#OrgList#">
 
BTW, this is a Windows2000 AD server.
What CF version?
MX 6.1
The code isn't mine. I was trying to get an LDAP dump and it won't work on my server, wrong version, but it should work on MX.

Here's what I have from an LDAP dump:

MAPI-Recipient
Telephone-Office2
homephone
givenName
postalCode
Company
objectClass
url
co
uid
mail
cn
telephoneNumber
otherMailbox
physicalDeliveryOfficeName
distinguishedName
st
l
postalAddress
rdn
textEncodedORaddress
sn
department
rfc822Mailbox
title

And from what I have been able to tell, these are common fields.
Also, my cfldap example does not use & in the filter:

<CFLDAP
 SERVER="ldap.bigfoot.com"
 ACTION="QUERY"
 NAME="results"
 START="cn=#name#,c=US"
 FILTER="(cn=#name#)"
 ATTRIBUTES="cn,o,l,st,c,mail,telephonenumber"
 SORT="cn ASC">

Is your LDAP server a Win2k Active Directory server?
Not sure, never looked into it. It's in another country, but since everything around here is Windows based it probably is Win2k.
I answered this one myself.  Here is the proper code:

<cfldap action="QUERY"
            name="VerifyUser"
            attributes="sAMAccountName,cn"
            start="ou=Accounts,dc=company,dc=com"
            filter="(&(sAMAccountName=#Form.UserLogin#))"
            server="adserver.company.com"
            username="#Portal.LDAPQueryName#"
            password="#Portal.LDAPQueryPassword#">
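
The filter in the answer above places Form.UserLogin directly into the LDAP search, so characters such as *, ( and ) in the submitted value change what the filter matches. An added example, not part of the original thread, that escapes the value per RFC 4515 before running the same query; ldapEscapeFilter and safeLogin are hypothetical names, and the server, start and bind values are the ones from the answer.

```cfml
<cfscript>
// Added example (not from the thread). ldapEscapeFilter is a hypothetical helper.
// Escapes a value for use inside an LDAP search filter. RFC 4515 requires
// NUL, "(", ")", "*" and "\" to be written as \XX hex pairs; other control
// characters are escaped the same way here, which the RFC permits.
function ldapEscapeFilter(value) {
    var out = "";
    var i = 0;
    var ch = "";
    var code = 0;
    var hex = "";
    for (i = 1; i lte Len(value); i = i + 1) {
        ch = Mid(value, i, 1);
        code = Asc(ch);
        // 40 = "(", 41 = ")", 42 = "*", 92 = "\"
        if (code lt 32 or ListFind("40,41,42,92", code)) {
            hex = FormatBaseN(code, 16);
            if (Len(hex) lt 2) hex = "0" & hex;
            out = out & "\" & hex;
        } else {
            out = out & ch;
        }
    }
    return out;
}
</cfscript>

<!--- Escape the submitted login before it reaches the filter --->
<cfset safeLogin = ldapEscapeFilter(Form.UserLogin)>

<cfldap action="QUERY"
        name="VerifyUser"
        attributes="sAMAccountName,cn"
        start="ou=Accounts,dc=company,dc=com"
        filter="(&(sAMAccountName=#safeLogin#))"
        server="adserver.company.com"
        username="#Portal.LDAPQueryName#"
        password="#Portal.LDAPQueryPassword#">

<!--- Accept only an exact single match; zero or several rows is a failure --->
<cfif VerifyUser.RecordCount neq 1>
    <cfabort showerror="Login failed.">
</cfif>
```

This query confirms only that one matching account exists under ou=Accounts; it does not check the submitted password.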
      
Make sure you contact CS and have your question paq'd and points refunded.
I'll miss the points but no objection. As I am the only expert contributing to the thread there is no need to wait the 4 days, please paq and refund asap.

Jester_48
ASKER CERTIFIED SOLUTION
modulo
