Solved

CFLDAP "filter" error when accessing Win2k AD server

Posted on 2004-04-21
Last Modified: 2013-12-24
I am attempting to authenticate against our Windows 2000 AD server via the CFLDAP tag.  Here is what I have:

<cfldap action="query" name="VerifyUser"
      start="ou=Accounts"
      scope="subtree"
      attributes="UID,dn,username,password"
      filter= "(&(username=#form.Username#)
            (Password=#form.Password#))"
      server="adserver"
      username="cn=directoryadmin"
      password="pass">

Here is the error I am getting:


Attribute validation error for tag CFLDAP.  
The value of the attribute filter, which is currently "(&(username=testuser) (Password=12345))", is invalid.  
 
The error occurred in D:\WebsiteDirectories\Portal\WebApps\Login_Process.cfm: line 22
 
20 :       filter= "(&(username=#form.Username#)
21 :       (Password=#form.Password#))"
22 :       server="adserver"
23 :       username="cn=directoryadmin"
24 :       password="pass">


I am totally clueless.  I got this information out of the "ColdFusion MX: The complete reference" book...chapter 17.
 
0
Question by:brianlees
15 Comments
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10881363
i think you need another & in the filter

filter= "(&(username=#form.Username#) & (Password=#form.Password#))"
0
 

Author Comment

by:brianlees
ID: 10888366
Nope...same error even with the extra &.

Are the attributes themselves incorrect?  I am amazed at the lack of information on this on the web!  Ugh, this would be straightforward if I were an AD genius and CF guru, but I am neither.
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10888568
are there fields in the ldap called username and password?

try this, it will give you a list of the columns in the ldap, CF5+ or maybe MX only can't remember

<CFLDAP NAME="OrgList"
   SERVER="ldapserver"
   ACTION="QUERY"
   ATTRIBUTES="*"
   SCOPE="subtree"
   FILTER="(uid=your_email_id)"
   MAXROWS="1"
   START="c=US">
<cfdump var="#OrgList#">
<CFLOOP query="OrgList">
      <CFIF OrgList.Name eq "ID">
          This is the ID column
      <CFELSE>
            <CFOUTPUT>#OrgList.Name#</cfoutput>
      </CFIF>
      <BR>
</CFLOOP>
<CFSET VARIABLES.OrgListColumns = ValueList(OrgList.Name)>
<CFOUTPUT>#VARIABLES.OrgListColumns#</CFOUTPUT>
0

 

Author Comment

by:brianlees
ID: 10888864
Used this:

<cfldap
   action="query" name="OrgList"
   start="c=US"
   scope="subtree"
   maxrows="1"
   attributes="*" filter="(uid=testuser)"
   server="server" username="user" password="pass">

Got this error:

An error has occured while trying to execute query :[LDAP: error code 1 - 000020D6: SvcErr: DSID-0310067F, problem 5012 (DIR_ERROR), data 0 ].  
One or more of the required attributes may be missing/incorrect or you do not have permissions to execute this operation on the server  
 
The error occurred in D:\WebsiteDirectories\Portal\WebApps\index.cfm: line 16
 
14 :    scope="subtree"
15 :    maxrows="1"
16 :    attributes="*" filter="(uid=testuser)"
17 :    server="server" username="user" password="pass">
18 : <cfdump var="#OrgList#">
 
0
 

Author Comment

by:brianlees
ID: 10888874
BTW, this is a Windows2000 AD server.
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10888957
what cf version?
0
 

Author Comment

by:brianlees
ID: 10888972
MX 6.1
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10889171
the code isn't mine, i was trying to get an ldap dump and it won't work on my server, wrong version but it should work on MX

here's what i have from an ldap dump

MAPI-Recipient
Telephone-Office2
homephone
givenName
postalCode
Company
objectClass
url
co
uid
mail
cn
telephoneNumber
otherMailbox
physicalDeliveryOfficeName
distinguishedName
st
l
postalAddress
rdn
textEncodedORaddress
sn
department
rfc822Mailbox
title

and from what i have been able to tell these are common fields
also my cfldap example does not use & in the filter

<CFLDAP
 SERVER="ldap.bigfoot.com"
 ACTION="QUERY"
 NAME="results"
 START="cn=#name#,c=US"
 FILTER="(cn=#name#)"
 ATTRIBUTES="cn,o,l,st,c,mail,telephonenumber"
 SORT="cn ASC">

0
 

Author Comment

by:brianlees
ID: 10889211
Is your LDAP server a Win2k Active Directory server?
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10889269
not sure never looked into it, it's in another country, but since everything around here is windows based it probably is win2k
0
 

Author Comment

by:brianlees
ID: 11058388
I answered this one myself.  Here is the proper code:

<cfldap action="QUERY"
            name="VerifyUser"
            attributes="sAMAccountName,cn"
            start="ou=Accounts,dc=company,dc=com"
            filter="(&(sAMAccountName=#Form.UserLogin#))"
            server="adserver.company.com"
            username="#Portal.LDAPQueryName#"
            password="#Portal.LDAPQueryPassword#">
      
0
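
The accepted code above places `Form.UserLogin` in the filter exactly as typed and only looks the account up; it does not check the password. The following is an added example, not part of the original thread, that escapes the filter value per RFC 4515 and then verifies the password by binding as the account that was found. The helper name `escapeLdapFilterValue`, the login-name pattern, the `loginOk` variable and the bind step are assumptions; the server, base DN and `Portal.*` variables are reused from the post.

```cfml
<cfscript>
// Hypothetical helper (not from the thread): escape the characters RFC 4515
// reserves inside an LDAP filter value. Backslash goes first so the escapes
// added afterwards are not escaped a second time.
function escapeLdapFilterValue(value) {
    var out = Replace(value, "\", "\5c", "all");
    out = Replace(out, "*", "\2a", "all");
    out = Replace(out, "(", "\28", "all");
    out = Replace(out, ")", "\29", "all");
    return out;
}
</cfscript>

<cfset loginOk = false>
<!--- Assumed site policy: allow-list the login name; refuse an empty password, which a server can accept as an unauthenticated bind. --->
<cfif REFind("^[A-Za-z0-9._-]{1,20}$", Form.UserLogin) AND Len(Form.Password)>
    <!--- Step 1: look the account up with the service credentials. Escaping stays in place in case the pattern is loosened later. --->
    <cfldap action="QUERY"
            name="VerifyUser"
            attributes="sAMAccountName,distinguishedName"
            start="ou=Accounts,dc=company,dc=com"
            scope="subtree"
            filter="(sAMAccountName=#escapeLdapFilterValue(Form.UserLogin)#)"
            server="adserver.company.com"
            username="#Portal.LDAPQueryName#"
            password="#Portal.LDAPQueryPassword#">

    <cfif VerifyUser.RecordCount EQ 1>
        <cftry>
            <!--- Step 2: bind as that user; a wrong password makes cfldap throw. --->
            <cfldap action="QUERY"
                    name="BindCheck"
                    attributes="sAMAccountName"
                    start="#VerifyUser.distinguishedName#"
                    scope="base"
                    filter="(objectClass=*)"
                    server="adserver.company.com"
                    username="#VerifyUser.distinguishedName#"
                    password="#Form.Password#">
            <cfset loginOk = true>
            <cfcatch type="any">
                <cfset loginOk = false>
            </cfcatch>
        </cftry>
    </cfif>
</cfif>
```

Both binds carry the password in clear text unless the connection itself is protected, for example with cfldap's `secure` attribute on the LDAPS port.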
 
LVL 25

Expert Comment

by:James Rodgers
ID: 11058427
make sure you contact CS and have your question paq'd and points refunded
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 11058747
i'll miss the points but no objection, as i am the only expert contributing to the thread there is no need to wait the 4 days, please paq and refund asap

Jester_48
0
 

Accepted Solution

by:modulo
ID: 11058937
PAQ-ing the question and refunding 125 points

Thanks Jester_48 !

modulo

Community Support Moderator
Experts Exchange
0
