CFLDAP secure / changing passwords

I am having issues getting the CFLDAP tag to communicate securely ( secure="CFSSL_BASIC" )

NOTE: I have already exported the key from my LDAP server and imported it into the ColdFusion JRE keystore.  The account I am using to connect is an Active Directory administrator account.

In addition I cannot get it to change an active directory password.
( my end goal )

I have been trying to get some meaningful errors from the server as well but all I get is:
coldfusion.tagext.net.LdapTagException: An error has occured while trying to execute query :simple bind failed: myDomainController.xxx.xxx.edu:636.


My Query ( if I change the port to 636 & add the secure="CFSSL_BASIC" attribute it breaks):
<cftry>
    <!--- Bind as the user and look up their entry; a failed bind throws and is handled by cfcatch --->
    <cfldap action="Query"
        name="ADResult"
        attributes="cn,mail,displayname,dn,memberof,extensionAttribute1,employeeID,sAMAccountName,password,unicodePassword"
        start="cn=users,dc=myDomain,dc=MyDomPart2,dc=edu"
        filter="(&(objectclass=user)(samaccountname=#ReplaceNoCase(userIDx, baseDomain,'')#))"
        server="#domainController#"
        port="389"
        scope="subtree"
        username="#userID2#"
        password="#pwd2#"
    >
    <cfset isLoggedIn = true>

    <cfcatch>
        <cfset isLoggedIn = false>
    </cfcatch>
</cftry>



My Change Password Query ( also does not work ):
<cftry>
    <cfldap action="modify" 
        modifyType="replace" 
        attributes="password=testing"
        dn="CN=myName,CN=Users,DC=MyDomain,DC=MyDomainPart2,DC=edu" 
        server="#domainController#"
        port="636"
        secure="CFSSL_BASIC"
        username="#userID2#"
        password="#pwd2#"
    > 
    <cfcatch>
    	<cfdump var="#cfcatch#">
    </cfcatch>
</cftry>

stu215 (Systems Analyst) asked:
 
dgrafx commented:
I had difficulties with cfldap so went to VBScript.

I write the .vbs below programmatically using the desired variables, then cfexecute it with CF.

save the following as a .vbs file (swapping out the variables for their values of course):

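' CF substitutes the #...# placeholders before this file is written
Dim UserName
Dim UserDomain
Dim NewPassword
Dim User
UserDomain = "#Domain#"
UserName = "#Username#"
NewPassword = "#Password#"
' Bind to the account through the WinNT provider; ",user" is part of the ADsPath string
Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user")
' Set the new password on the bound account
Call User.SetPassword(NewPassword)
Set User = Nothing
WScript.Quit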

good luck ...
0
 
stu215 (Systems Analyst, author) commented:
The bind error seems to have gone away and I am now getting this error:

An error has occured while trying to execute query :[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090B8A, comment: Error in attribute conversion operation, data 0, v1db1 ]. 
One or more of the required attributes may be missing or incorrect or you do not have permissions to execute this operation on the server. 


97 :         secure="CFSSL_BASIC"
98 :         username="#userID2#"
99 :         password="#pwd2#"
100 :     >

0
 
stu215 (Systems Analyst, author) commented:
I'm running CF on a Linux server though...
( I don't think VB will work there )
0
 
dgrafx commented:
Ok so where is AD? Different machine right?
So can you write it on the AD machine (Windows machine) and execute it there as well?
0
 
stu215 (Systems Analyst, author) commented:
Yes, it's a different machine. It is preferred that I not do it this way though...

Is it not possible to change the password with cfldap?

From what I've Googled so far, many suggest that you have to wrap it in Unicode then Base64... I am still getting the same conversion error as above though...  

I've tried a bunch of the following variations with no success:
<cfset newPWD='Testing_666'>
<cfset unicodePwd = newPWD.getBytes("UTF-16LE")/> 
<cfset unicodePwd2 = newPWD.getBytes("UnicodeLittleUnmarked")/> 
<cfset unicodePwd3 = newPWD.getBytes("UTF-16")/> 
<cfset unicodePwd4 = newPWD.getBytes("UTF-8")/> 
<cfset base64Pwd = #ToBase64(unicodePwd)#/> 

0
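
An added example, not part of the thread or of ColdFusion: Active Directory accepts a write to `unicodePwd` only when the value is the new password wrapped in double quotes and encoded as UTF-16LE without a byte-order mark, sent as raw bytes over an encrypted connection. The Python sketch below builds that value, checks the encodings tried above against the rule, and renders an LDIF modify record, where `::` marks Base64 as a transport encoding only. The helper names are hypothetical; the DN and password are the sample values from the posts.

```python
import base64

def encode_unicode_pwd(password: str) -> bytes:
    """Value AD expects in unicodePwd: "password" in quotes, UTF-16LE, no BOM."""
    return ('"' + password + '"').encode("utf-16-le")

def diagnose(value: bytes) -> list:
    """List the reasons `value` is not a well-formed unicodePwd (empty = OK)."""
    problems = []
    if value[:2] in (b"\xff\xfe", b"\xfe\xff"):
        problems.append("byte-order mark present")
    if len(value) % 2:
        problems.append("odd length, not UTF-16")
    text = value.decode("utf-16-le", errors="replace")
    if len(text) < 2 or not (text.startswith('"') and text.endswith('"')):
        problems.append("not a double-quoted UTF-16LE string")
    return problems

def ldif_modify(dn: str, password: str) -> str:
    """LDIF record for an administrative reset; '::' means the value is Base64."""
    b64 = base64.b64encode(encode_unicode_pwd(password)).decode("ascii")
    return "\n".join([f"dn: {dn}", "changetype: modify",
                      "replace: unicodePwd", f"unicodePwd:: {b64}", "-"]) + "\n"

PW = "Testing_666"  # sample password from the thread
ATTEMPTS = {        # constructed to mirror the variations tried above
    "UTF-16LE without quotes": PW.encode("utf-16-le"),
    "Java UTF-16 (big-endian with BOM)": b"\xfe\xff" + PW.encode("utf-16-be"),
    "UTF-8": PW.encode("utf-8"),
    "Base64 text sent as the value": base64.b64encode(PW.encode("utf-16-le")),
    "quoted UTF-16LE": encode_unicode_pwd(PW),
}

if __name__ == "__main__":
    for label, value in ATTEMPTS.items():
        print(f"{label:36} {diagnose(value) or 'OK'}")
    print(ldif_modify("CN=myName,CN=Users,DC=MyDomain,DC=MyDomainPart2,DC=edu", PW))
```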
 
dgrafx commented:
I was able to add / edit / delete entries in AD using cfldap but was never able to change a password with cfldap.
I could never find a solution so I looked elsewhere, and if on a Windows machine then the vbs solution works like a champ.

sorry you can't use it ...
0
 
stu215 (Systems Analyst, author) commented:
Gave up on trying to use CFLdap to change the password and we're trying a few open source solutions or will purchase a module to change passwords...

ManageEngine was the commercial one we are debating on if the open source one does not pan out.

- Was not allowed to use the VBScript solution in our environment
0
 
dgrafx commented:
Well thanks for the points!
0
Question has a verified solution.
