Solved

CFLDAP "filter" error when accessing Win2k AD server

Posted on 2004-04-21
Last Modified: 2013-12-24
I am attempting to authenticate against our Windows 2000 AD server via the CFLDAP tag.  Here is what I have:

<cfldap action="query" name="VerifyUser"
      start="ou=Accounts"
      scope="subtree"
      attributes="UID,dn,username,password"
      filter= "(&(username=#form.Username#)
            (Password=#form.Password#))"
      server="adserver"
      username="cn=directoryadmin"
      password="pass">

Here is the error I am getting:


Attribute validation error for tag CFLDAP.  
The value of the attribute filter, which is currently "(&(username=testuser) (Password=12345))", is invalid.  
 
The error occurred in D:\WebsiteDirectories\Portal\WebApps\Login_Process.cfm: line 22
 
20 :       filter= "(&(username=#form.Username#)
21 :       (Password=#form.Password#))"
22 :       server="adserver"
23 :       username="cn=directoryadmin"
24 :       password="pass">


I am totally clueless.  I got this information out of the "ColdFusion MX: The complete reference" book...chapter 17.
 
Question by:brianlees
15 Comments
 

Expert Comment

by:James Rodgers
ID: 10881363
i think you need another & in the filter

filter= "(&(username=#form.Username#) & (Password=#form.Password#))"
 

Author Comment

by:brianlees
ID: 10888366
Nope...same error even with the extra &.

Are the attributes themselves incorrect?  I am amazed at the lack of information on this on the web!  Ugh, this would be straightforward if I were an AD genius and CF guru, but I am neither.

Expert Comment

by:James Rodgers
ID: 10888568
are there fields in the ldap called username and password?

try this, it will give you a list of the columns in the ldap, CF5+ or maybe MX only can't remember

<CFLDAP NAME="OrgList"
   SERVER="ldapserver"
   ACTION="QUERY"
   ATTRIBUTES="*"
   SCOPE="subtree"
   FILTER="(uid=your_email_id)"
   MAXROWS="1"
   START="c=US">
<cfdump var="#OrgList#">
<CFLOOP query="OrgList">
      <CFIF OrgList.Name eq "ID">
          This is the ID column
      <CFELSE>
            <CFOUTPUT>#OrgList.Name#</cfoutput>
      </CFIF>
      <BR>
</CFLOOP>
<CFSET VARIABLES.OrgListColumns = ValueList(OrgList.Name)>
<CFOUTPUT>#VARIABLES.OrgListColumns#</CFOUTPUT>

Author Comment

by:brianlees
ID: 10888864
Used this:

<cfldap
   action="query" name="OrgList"
   start="c=US"
   scope="subtree"
   maxrows="1"
   attributes="*" filter="(uid=testuser)"
   server="server" username="user" password="pass">

Got this error:

An error has occured while trying to execute query :[LDAP: error code 1 - 000020D6: SvcErr: DSID-0310067F, problem 5012 (DIR_ERROR), data 0 ].  
One or more of the required attributes may be missing/incorrect or you do not have permissions to execute this operation on the server  
 
The error occurred in D:\WebsiteDirectories\Portal\WebApps\index.cfm: line 16
 
14 :    scope="subtree"
15 :    maxrows="1"
16 :    attributes="*" filter="(uid=testuser)"
17 :    server="server" username="user" password="pass">
18 : <cfdump var="#OrgList#">
 
 

Author Comment

by:brianlees
ID: 10888874
BTW, this is a Windows2000 AD server.

Expert Comment

by:James Rodgers
ID: 10888957
what cf version?
 

Author Comment

by:brianlees
ID: 10888972
MX 6.1

Expert Comment

by:James Rodgers
ID: 10889171
the code isn't mine, i was trying to get an ldap dump and it won't work on my server, wrong version but it should work on MX

here's what i have from an ldap dump

MAPI-Recipient
Telephone-Office2
homephone
givenName
postalCode
Company
objectClass
url
co
uid
mail
cn
telephoneNumber
otherMailbox
physicalDeliveryOfficeName
distinguishedName
st
l
postalAddress
rdn
textEncodedORaddress
sn
department
rfc822Mailbox
title

and from what i have been able to tell these are common fields
also my cfldap example does not use & in the filter

<CFLDAP
 SERVER="ldap.bigfoot.com"
 ACTION="QUERY"
 NAME="results"
 START="cn=#name#,c=US"
 FILTER="(cn=#name#)"
 ATTRIBUTES="cn,o,l,st,c,mail,telephonenumber"
 SORT="cn ASC">

 

Author Comment

by:brianlees
ID: 10889211
Is your LDAP server a Win2k Active Directory server?

Expert Comment

by:James Rodgers
ID: 10889269
not sure never looked into it, it's in another country, but since everything around here is windows based it probably is win2k
 

Author Comment

by:brianlees
ID: 11058388
I answered this one myself.  Here is the proper code:

<cfldap action="QUERY"
            name="VerifyUser"
            attributes="sAMAccountName,cn"
            start="ou=Accounts,dc=company,dc=com"
            filter="(&(sAMAccountName=#Form.UserLogin#))"
            server="adserver.company.com"
            username="#Portal.LDAPQueryName#"
            password="#Portal.LDAPQueryPassword#">
      
0
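
An added example, not part of the thread and not ColdFusion code: the lookup filter above takes Form.UserLogin as typed, so this shows RFC 4515 escaping of that value plus the form checks worth running before the directory is queried. It is written in Python so it runs offline; the function names, the account-name pattern and the sample inputs are assumptions made here.

```python
import re

# RFC 4515 escapes for characters that have meaning inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Assumption: logins are plain AD pre-Windows 2000 names (at most 20 chars).
_LOGIN_RE = re.compile(r"[A-Za-z0-9._-]{1,20}")


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_lookup_filter(user_login: str) -> str:
    """Build the thread's sAMAccountName filter with the value escaped."""
    return "(&(sAMAccountName=" + escape_filter_value(user_login) + "))"


def check_login_form(user_login: str, password: str) -> list:
    """Return reasons to reject the form before any directory call is made."""
    problems = []
    if not _LOGIN_RE.fullmatch(user_login):
        problems.append("login is not a plain account name")
    if password == "":
        # Many directories treat a DN plus an empty password as an
        # unauthenticated bind that succeeds, so never send one.
        problems.append("empty password")
    return problems


if __name__ == "__main__":
    # Constructed sample form values, not taken from the thread.
    samples = [("testuser", "12345"), ("j*", "x"),
               ("smith (temp)", "x"), ("testuser", "")]
    for login, pw in samples:
        print(repr(login), build_lookup_filter(login), check_login_form(login, pw))
```

The lookup only locates the account; the submitted password is checked by a second bind as the returned DN, which is why the empty-password check matters.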
 

Expert Comment

by:James Rodgers
ID: 11058427
make sure you contact CS and have your question paq'd and points refunded

Expert Comment

by:James Rodgers
ID: 11058747
i'll miss the points but no objection, as i am the only expert contributing to the thread there is no need to wait the 4 days, please paq and refund asap

Jester_48
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11058937
PAQ-ing the question and refunding 125 points

Thanks Jester_48 !

modulo

Community Support Moderator
Experts Exchange
Question has a verified solution.
