LDAP

Hi,

I need to have users authenticate against LDAP.  I have the following CFLDAP code and am having problems:

<cfldap
server="10.1.1.41"
action="query"
name="getme"
start="o=kant"
filter="cn=johnpa"
attributes="cn,mail">

I get the following error:

An error has occured while trying to execute query :[LDAP: error code 1 - 00000000: LdapErr: DSID-0C0905FF, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece].  
One or more of the required attributes may be missing/incorrect or you do not have permissions to execute this operation on the server .

The error occurred in C:\CFusionMX\wwwroot\form.cfm: line 11
 
9 :
10 : <cfldap
11 :       server="10.1.1.41"
12 :       action="query"
13 :       name="getme"
 
This is the IP Address to our AD Server.  I've tried the long address kaads.kant.local which is what is in DNS but I get the same error message.  Can anyone help?

Thanks.

John
 
pinaldave Commented:
Is your LDAP server running on the default port of 389?
If not, in that case you need to specify the port address.
Regards,
---Pinal
 
jcpatterson (Author) Commented:
Yes, it is on port 389.  I have a little utility which displays our LDAP information.  Here is what it looks like:

ld = ldap_open("kaads", 389);
Established connection to kaads.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn:
      1> currentTime: 3/28/2005 16:51:22 Eastern Standard Time Eastern Standard Time;
      1> subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=kant,DC=local;
      1> dsServiceName: CN=NTDS Settings,CN=KAADS,CN=Servers,CN=Farmington,CN=Sites,CN=Configuration,DC=kant,DC=local;
      5> namingContexts: DC=kant,DC=local; CN=Configuration,DC=kant,DC=local; CN=Schema,CN=Configuration,DC=kant,DC=local; DC=DomainDnsZones,DC=kant,DC=local; DC=ForestDnsZones,DC=kant,DC=local;
      1> defaultNamingContext: DC=kant,DC=local;
      1> schemaNamingContext: CN=Schema,CN=Configuration,DC=kant,DC=local;
      1> configurationNamingContext: CN=Configuration,DC=kant,DC=local;
      1> rootDomainNamingContext: DC=kant,DC=local;
 
mmc98dl1 Commented:
Looks to me like you are trying to ask LDAP a question anonymously. Try adding in username="domain\username" password="password" and see if that makes a difference; make sure you use a user on the domain with a suitable level of access.

Also, in my experience the filter attribute doesn't look like yours at all.

For example if you want only users returned:

filter="(&(objectclass=user))"

or a specific user by surname:

filter="(&(objectclass=user)(sn=surname*))"
 
jcpatterson (Author) Commented:
Hi,

I rewrote the tag with the following example:

<cfldap
      action="query"
      name="getme"
      server="kaads.kant.local"
      port="389"
      username="johnpa"
      password="fishy"
      start="dn=kant"
      filter="cn=johnpa"
      attributes="cn">

I am getting a new error:

Inappropriate authentication  
 
 
The error occurred in C:\CFusionMX\wwwroot\form.cfm: line 19
 
17 :       start="dn=kant"
18 :       filter="cn=johnpa"
19 :       attributes="cn">
20 :
21 : <cfoutput>#cn#</cfoutput>

Your patience is appreciated.


John
 
jcpatterson (Author) Commented:
I was able to get it working myself.  I went to Google Groups and there was more information there.  Anyway, the answer is to make sure the account being used to query LDAP is a member of the Account Operators group.

This question is closed.

Thanks.

John
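
The flow this thread works toward (bind before searching, search from the naming context the directory reports, use a parenthesised filter), written out as an added example that is not code from any poster. The service account `svc_ldap`, `application.ldapSvcPassword`, the `ldapEscape` helper and the form field names are hypothetical; the server name and `DC=kant,DC=local` come from the posts above.

```cfml
<!--- Added example, not code from the thread. svc_ldap, application.ldapSvcPassword,
      ldapEscape and the form field names are hypothetical. --->
<cffunction name="ldapEscape" returntype="string" output="false">
    <cfargument name="value" type="string" required="true">
    <!--- Escape filter metacharacters (RFC 4515): backslash first, then * ( ) --->
    <cfset var s = Replace(arguments.value, "\", "\5c", "all")>
    <cfset s = Replace(s, "*", "\2a", "all")>
    <cfset s = Replace(s, "(", "\28", "all")>
    <cfset s = Replace(s, ")", "\29", "all")>
    <cfreturn s>
</cffunction>

<cfset authenticated = false>
<!--- An empty password can turn a simple bind into an unauthenticated bind that
      the directory accepts, so refuse it before contacting the server. --->
<cfif Len(Trim(form.username)) AND Len(form.password)>
    <cftry>
        <!--- Step 1: bind as the service account and locate exactly one user entry.
              The search base is the defaultNamingContext the directory reported. --->
        <cfldap action="query" name="findUser"
            server="kaads.kant.local" port="389"
            username="svc_ldap@kant.local" password="#application.ldapSvcPassword#"
            start="DC=kant,DC=local" scope="subtree"
            filter="(&(objectClass=user)(sAMAccountName=#ldapEscape(form.username)#))"
            attributes="distinguishedName,cn,mail">

        <cfif findUser.recordCount EQ 1>
            <!--- Step 2: re-bind as that entry with the submitted password.
                  A failed bind makes cfldap throw, which lands in cfcatch. --->
            <cfldap action="query" name="asUser"
                server="kaads.kant.local" port="389"
                username="#findUser.distinguishedName#" password="#form.password#"
                start="#findUser.distinguishedName#" scope="base"
                filter="(objectClass=*)" attributes="cn">
            <cfset authenticated = true>
        </cfif>
        <cfcatch type="any">
            <!--- Bind or search failed: treat the login as not authenticated. --->
            <cfset authenticated = false>
        </cfcatch>
    </cftry>
</cfif>
```

Simple binds on port 389 send the password in clear text; `secure="CFSSL_BASIC"` on the LDAPS port is the cfldap setting for an encrypted connection once the server certificate is trusted by the ColdFusion JVM.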