Solved

CFLDAP "filter" error when access Win2k AD server

Posted on 2004-04-21
15
811 Views
Last Modified: 2013-12-24
I am attempting to authenticate against our Windows 2000 AD server via the CFLDAP tag.  Here is what I have:

<cfldap action="query" name="VerifyUser"
      start="ou=Accounts"
      scope="subtree"
      attributes="UID,dn,username,password"
      filter= "(&(username=#form.Username#)
            (Password=#form.Password#))"
      server="adserver"
      username="cn=directoryadmin"
      password="pass">

Here is the error I am getting:


Attribute validation error for tag CFLDAP.  
The value of the attribute filter, which is currently "(&(username=testuser) (Password=12345))", is invalid.  
 
The error occurred in D:\WebsiteDirectories\Portal\WebApps\Login_Process.cfm: line 22
 
20 :       filter= "(&(username=#form.Username#)
21 :       (Password=#form.Password#))"
22 :       server="adserver"
23 :       username="cn=directoryadmin"
24 :       password="pass">


I am totally clueless.  I got this information out of the "ColdFusion MX: The complete reference" book...chapter 17.
 
0
Comment
Question by:brianlees
  • 7
  • 6
15 Comments
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10881363
i think you need another & in the filter

filter= "(&(username=#form.Username#) & (Password=#form.Password#))"
0
 

Author Comment

by:brianlees
ID: 10888366
Nope...same error even with the extra &.

Are the attributes themselves incorrect?  I am amazed at the lack of information on this on the web!  Ugh, this would be straightforward if I were an AD genius and CF guru, but I am neither.
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10888568
are there fields in the ldap called username and password?

try this, it will give you a list of the columns in the ldap, CF5+ or maybe MX only can't remember

<CFLDAP NAME="OrgList"
   SERVER="ldapserver"
   ACTION="QUERY"
   ATTRIBUTES="*"
   SCOPE="subtree"
   FILTER="(uid=your_email_id)"
   MAXROWS="1"
   START="c=US">
<cfdump var="#OrgList#">
<CFLOOP query="OrgList">
      <CFIF OrgList.Name eq "ID">
          This is the ID column
      <CFELSE>
            <CFOUTPUT>#OrgList.Name#</cfoutput>
      </CFIF>
      <BR>
</CFLOOP>
<CFSET VARIABLES.OrgListColumns = ValueList(OrgList.Name)>
<CFOUTPUT>#VARIABLES.OrgListColumns#</CFOUTPUT>
0
 

Author Comment

by:brianlees
ID: 10888864
Used this:

<cfldap
   action="query" name="OrgList"
   start="c=US"
   scope="subtree"
   maxrows="1"
   attributes="*" filter="(uid=testuser)"
   server="server" username="user" password="pass">

Got this error:

An error has occured while trying to execute query :[LDAP: error code 1 - 000020D6: SvcErr: DSID-0310067F, problem 5012 (DIR_ERROR), data 0 ].  
One or more of the required attributes may be missing/incorrect or you do not have permissions to execute this operation on the server  
 
The error occurred in D:\WebsiteDirectories\Portal\WebApps\index.cfm: line 16
 
14 :    scope="subtree"
15 :    maxrows="1"
16 :    attributes="*" filter="(uid=testuser)"
17 :    server="server" username="user" password="pass">
18 : <cfdump var="#OrgList#">
 
0
 

Author Comment

by:brianlees
ID: 10888874
BTW, this is a Windows2000 AD server.
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10888957
what cf version?
0
 

Author Comment

by:brianlees
ID: 10888972
MX 6.1
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 25

Expert Comment

by:James Rodgers
ID: 10889171
the code isn't mine, i was tryiong to get an ldap dump and it won;t work on my server, wrong version but it should work on MX

here's what i have from an ldap dump

MAPI-Recipient
Telephone-Office2
homephone
givenName
postalCode
Company
objectClass
url
co
uid
mail
cn
telephoneNumber
otherMailbox
physicalDeliveryOfficeName
distinguishedName
st
l
postalAddress
rdn
textEncodedORaddress
sn
department
rfc822Mailbox
title

and from what i have been able to tell these are common fields
also my cfldap example does not use & in the filter

<CFLDAP
 SERVER="ldap.bigfoot.com"
 ACTION="QUERY"
 NAME="results"
 START="cn=#name#,c=US"
 FILTER="(cn=#name#)"
 ATTRIBUTES="cn,o,l,st,c,mail,telephonenumber"
 SORT="cn ASC">

0
 

Author Comment

by:brianlees
ID: 10889211
Is your LDAP server an Win2k Active Directory server?
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 10889269
not sure never looked into it, it's in another country, but since everything around here is windows based it probably is win2k
0
 

Author Comment

by:brianlees
ID: 11058388
I answered this one myself.  Here is the proper code:

<cfldap action="QUERY"
            name="VerifyUser"
            attributes="sAMAccountName,cn"
            start="ou=Accounts,dc=company,dc=com"
            filter="(&(sAMAccountName=#Form.UserLogin#))"
            server="adserver.company.com"
            username="#Portal.LDAPQueryName#"
            password="#Portal.LDAPQueryPassword#">
      
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 11058427
make sure you contact CS and have your question paq'd and points refunded
0
 
LVL 25

Expert Comment

by:James Rodgers
ID: 11058747
i'll miss the points but no objection, as i am the only expert contributing to the thread there is no need to wait teh 4 days, please paq and refund asap

Jester_48
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11058937
PAQ-ing the question and refunding 125  points

Thanks Jester_48 !

modulo

Community Support Moderator
Experts Exchange
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Suggested Solutions

This is a guide to setting up a new WHM/cPanel Server to be used for web hosting accounts. It is intended for web hosting company administrators and dedicated server owners. For under $99 per month (considering normal rate of Big Data Cetnters like …
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now