Solved

CFLDAP "filter" error when access Win2k AD server

Posted on 2004-04-21
15
833 Views
Last Modified: 2013-12-24
I am attempting to authenticate against our Windows 2000 AD server via the CFLDAP tag.  Here is what I have:

<cfldap action="query" name="VerifyUser"
      start="ou=Accounts"
      scope="subtree"
      attributes="UID,dn,username,password"
      filter= "(&(username=#form.Username#)
            (Password=#form.Password#))"
      server="adserver"
      username="cn=directoryadmin"
      password="pass">

Here is the error I am getting:


Attribute validation error for tag CFLDAP.  
The value of the attribute filter, which is currently "(&(username=testuser) (Password=12345))", is invalid.  
 
The error occurred in D:\WebsiteDirectories\Portal\WebApps\Login_Process.cfm: line 22
 
20 :       filter= "(&(username=#form.Username#)
21 :       (Password=#form.Password#))"
22 :       server="adserver"
23 :       username="cn=directoryadmin"
24 :       password="pass">


I am totally clueless.  I got this information out of the "ColdFusion MX: The complete reference" book...chapter 17.
 
0
Comment
Question by:brianlees
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
15 Comments
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10881363
i think you need another & in the filter

filter= "(&(username=#form.Username#) & (Password=#form.Password#))"
0
 

Author Comment

by:brianlees
ID: 10888366
Nope...same error even with the extra &.

Are the attributes themselves incorrect?  I am amazed at the lack of information on this on the web!  Ugh, this would be straightforward if I were an AD genius and CF guru, but I am neither.
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10888568
are there fields in the ldap called username and password?

try this, it will give you a list of the columns in the ldap, CF5+ or maybe MX only can't remember

<CFLDAP NAME="OrgList"
   SERVER="ldapserver"
   ACTION="QUERY"
   ATTRIBUTES="*"
   SCOPE="subtree"
   FILTER="(uid=your_email_id)"
   MAXROWS="1"
   START="c=US">
<cfdump var="#OrgList#">
<CFLOOP query="OrgList">
      <CFIF OrgList.Name eq "ID">
          This is the ID column
      <CFELSE>
            <CFOUTPUT>#OrgList.Name#</cfoutput>
      </CFIF>
      <BR>
</CFLOOP>
<CFSET VARIABLES.OrgListColumns = ValueList(OrgList.Name)>
<CFOUTPUT>#VARIABLES.OrgListColumns#</CFOUTPUT>
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 

Author Comment

by:brianlees
ID: 10888864
Used this:

<cfldap
   action="query" name="OrgList"
   start="c=US"
   scope="subtree"
   maxrows="1"
   attributes="*" filter="(uid=testuser)"
   server="server" username="user" password="pass">

Got this error:

An error has occured while trying to execute query :[LDAP: error code 1 - 000020D6: SvcErr: DSID-0310067F, problem 5012 (DIR_ERROR), data 0 ].  
One or more of the required attributes may be missing/incorrect or you do not have permissions to execute this operation on the server  
 
The error occurred in D:\WebsiteDirectories\Portal\WebApps\index.cfm: line 16
 
14 :    scope="subtree"
15 :    maxrows="1"
16 :    attributes="*" filter="(uid=testuser)"
17 :    server="server" username="user" password="pass">
18 : <cfdump var="#OrgList#">
 
0
 

Author Comment

by:brianlees
ID: 10888874
BTW, this is a Windows2000 AD server.
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10888957
what cf version?
0
 

Author Comment

by:brianlees
ID: 10888972
MX 6.1
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10889171
the code isn't mine, i was tryiong to get an ldap dump and it won;t work on my server, wrong version but it should work on MX

here's what i have from an ldap dump

MAPI-Recipient
Telephone-Office2
homephone
givenName
postalCode
Company
objectClass
url
co
uid
mail
cn
telephoneNumber
otherMailbox
physicalDeliveryOfficeName
distinguishedName
st
l
postalAddress
rdn
textEncodedORaddress
sn
department
rfc822Mailbox
title

and from what i have been able to tell these are common fields
also my cfldap example does not use & in the filter

<CFLDAP
 SERVER="ldap.bigfoot.com"
 ACTION="QUERY"
 NAME="results"
 START="cn=#name#,c=US"
 FILTER="(cn=#name#)"
 ATTRIBUTES="cn,o,l,st,c,mail,telephonenumber"
 SORT="cn ASC">

0
 

Author Comment

by:brianlees
ID: 10889211
Is your LDAP server an Win2k Active Directory server?
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10889269
not sure never looked into it, it's in another country, but since everything around here is windows based it probably is win2k
0
 

Author Comment

by:brianlees
ID: 11058388
I answered this one myself.  Here is the proper code:

<cfldap action="QUERY"
            name="VerifyUser"
            attributes="sAMAccountName,cn"
            start="ou=Accounts,dc=company,dc=com"
            filter="(&(sAMAccountName=#Form.UserLogin#))"
            server="adserver.company.com"
            username="#Portal.LDAPQueryName#"
            password="#Portal.LDAPQueryPassword#">
      
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 11058427
make sure you contact CS and have your question paq'd and points refunded
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 11058747
i'll miss the points but no objection, as i am the only expert contributing to the thread there is no need to wait teh 4 days, please paq and refund asap

Jester_48
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11058937
PAQ-ing the question and refunding 125  points

Thanks Jester_48 !

modulo

Community Support Moderator
Experts Exchange
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question