Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

CFLDAP "filter" error when access Win2k AD server

Posted on 2004-04-21
15
Medium Priority
?
852 Views
Last Modified: 2013-12-24
I am attempting to authenticate against our Windows 2000 AD server via the CFLDAP tag.  Here is what I have:

<cfldap action="query" name="VerifyUser"
      start="ou=Accounts"
      scope="subtree"
      attributes="UID,dn,username,password"
      filter= "(&(username=#form.Username#)
            (Password=#form.Password#))"
      server="adserver"
      username="cn=directoryadmin"
      password="pass">

Here is the error I am getting:


Attribute validation error for tag CFLDAP.  
The value of the attribute filter, which is currently "(&(username=testuser) (Password=12345))", is invalid.  
 
The error occurred in D:\WebsiteDirectories\Portal\WebApps\Login_Process.cfm: line 22
 
20 :       filter= "(&(username=#form.Username#)
21 :       (Password=#form.Password#))"
22 :       server="adserver"
23 :       username="cn=directoryadmin"
24 :       password="pass">


I am totally clueless.  I got this information out of the "ColdFusion MX: The complete reference" book...chapter 17.
 
0
Comment
Question by:brianlees
  • 7
  • 6
15 Comments
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10881363
i think you need another & in the filter

filter= "(&(username=#form.Username#) & (Password=#form.Password#))"
0
 

Author Comment

by:brianlees
ID: 10888366
Nope...same error even with the extra &.

Are the attributes themselves incorrect?  I am amazed at the lack of information on this on the web!  Ugh, this would be straightforward if I were an AD genius and CF guru, but I am neither.
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10888568
are there fields in the ldap called username and password?

try this, it will give you a list of the columns in the ldap, CF5+ or maybe MX only can't remember

<CFLDAP NAME="OrgList"
   SERVER="ldapserver"
   ACTION="QUERY"
   ATTRIBUTES="*"
   SCOPE="subtree"
   FILTER="(uid=your_email_id)"
   MAXROWS="1"
   START="c=US">
<cfdump var="#OrgList#">
<CFLOOP query="OrgList">
      <CFIF OrgList.Name eq "ID">
          This is the ID column
      <CFELSE>
            <CFOUTPUT>#OrgList.Name#</cfoutput>
      </CFIF>
      <BR>
</CFLOOP>
<CFSET VARIABLES.OrgListColumns = ValueList(OrgList.Name)>
<CFOUTPUT>#VARIABLES.OrgListColumns#</CFOUTPUT>
0
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

 

Author Comment

by:brianlees
ID: 10888864
Used this:

<cfldap
   action="query" name="OrgList"
   start="c=US"
   scope="subtree"
   maxrows="1"
   attributes="*" filter="(uid=testuser)"
   server="server" username="user" password="pass">

Got this error:

An error has occured while trying to execute query :[LDAP: error code 1 - 000020D6: SvcErr: DSID-0310067F, problem 5012 (DIR_ERROR), data 0 ].  
One or more of the required attributes may be missing/incorrect or you do not have permissions to execute this operation on the server  
 
The error occurred in D:\WebsiteDirectories\Portal\WebApps\index.cfm: line 16
 
14 :    scope="subtree"
15 :    maxrows="1"
16 :    attributes="*" filter="(uid=testuser)"
17 :    server="server" username="user" password="pass">
18 : <cfdump var="#OrgList#">
 
0
 

Author Comment

by:brianlees
ID: 10888874
BTW, this is a Windows2000 AD server.
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10888957
what cf version?
0
 

Author Comment

by:brianlees
ID: 10888972
MX 6.1
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10889171
the code isn't mine, i was tryiong to get an ldap dump and it won;t work on my server, wrong version but it should work on MX

here's what i have from an ldap dump

MAPI-Recipient
Telephone-Office2
homephone
givenName
postalCode
Company
objectClass
url
co
uid
mail
cn
telephoneNumber
otherMailbox
physicalDeliveryOfficeName
distinguishedName
st
l
postalAddress
rdn
textEncodedORaddress
sn
department
rfc822Mailbox
title

and from what i have been able to tell these are common fields
also my cfldap example does not use & in the filter

<CFLDAP
 SERVER="ldap.bigfoot.com"
 ACTION="QUERY"
 NAME="results"
 START="cn=#name#,c=US"
 FILTER="(cn=#name#)"
 ATTRIBUTES="cn,o,l,st,c,mail,telephonenumber"
 SORT="cn ASC">

0
 

Author Comment

by:brianlees
ID: 10889211
Is your LDAP server an Win2k Active Directory server?
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10889269
not sure never looked into it, it's in another country, but since everything around here is windows based it probably is win2k
0
 

Author Comment

by:brianlees
ID: 11058388
I answered this one myself.  Here is the proper code:

<cfldap action="QUERY"
            name="VerifyUser"
            attributes="sAMAccountName,cn"
            start="ou=Accounts,dc=company,dc=com"
            filter="(&(sAMAccountName=#Form.UserLogin#))"
            server="adserver.company.com"
            username="#Portal.LDAPQueryName#"
            password="#Portal.LDAPQueryPassword#">
      
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 11058427
make sure you contact CS and have your question paq'd and points refunded
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 11058747
i'll miss the points but no objection, as i am the only expert contributing to the thread there is no need to wait teh 4 days, please paq and refund asap

Jester_48
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11058937
PAQ-ing the question and refunding 125  points

Thanks Jester_48 !

modulo

Community Support Moderator
Experts Exchange
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most ColdFusion developers get confused between the CFSet, Duplicate, and Structcopy methods of copying a Structure, especially which one to use when. This Article will explain the differences in the approaches with examples; therefore, after readin…
Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question