  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1003

CFLDAP secure / changing passwords

I am having issues getting the CFLDAP tag to be able to communicate over ( secure="CFSSL_BASIC" )

NOTE: I have already exported the key from my LDAP server and imported it into the ColdFusion JRE keystore.  The account I am using to connect is an Active Directory administrator account.

In addition I cannot get it to change an active directory password.
( my end goal )

I have been trying to get some meaningful errors from the server as well but all I get is:
coldfusion.tagext.net.LdapTagException: An error has occured while trying to execute query :simple bind failed: myDomainController.xxx.xxx.edu:636.



My Query ( if I change the port to 636 & add the secure="CFSSL_BASIC" attribute it breaks):
<cftry>
    <!--- Look up the user; a failed bind or query throws and is handled by cfcatch --->
    <cfldap action="Query"
        name="ADResult"
        attributes="cn,mail,displayname,dn,memberof,extensionAttribute1,employeeID,sAMAccountName,password,unicodePassword"
        start="cn=users,dc=myDomain,dc=MyDomPart2,dc=edu"
        filter="(&(objectclass=user)(samaccountname=#ReplaceNoCase(userIDx, baseDomain,'')#))"
        server="#domainController#"
        port="389"
        scope="subtree"
        username="#userID2#"
        password="#pwd2#"
    >
    <cfset isLoggedIn = true>

    <cfcatch>
        <cfset isLoggedIn = false>
    </cfcatch>
</cftry>




My Change Password Query ( also does not work ):
<cftry>
    <cfldap action="modify" 
        modifyType="replace" 
        attributes="password=testing"
        dn="CN=myName,CN=Users,DC=MyDomain,DC=MyDomainPart2,DC=edu" 
        server="#domainController#"
        port="636"
        secure="CFSSL_BASIC"
        username="#userID2#"
        password="#pwd2#"
    > 
    <cfcatch>
    	<cfdump var="#cfcatch#">
    </cfcatch>
</cftry>


0
stu215
Asked:
2 Solutions
 
stu215 (Systems Analyst, Author) Commented:
The bind error seems to have gone away and I am now getting this error:

An error has occured while trying to execute query :[LDAP: error code 16 - 00000057: LdapErr: DSID-0C090B8A, comment: Error in attribute conversion operation, data 0, v1db1 ]. 
One or more of the required attributes may be missing or incorrect or you do not have permissions to execute this operation on the server. 


97 :         secure="CFSSL_BASIC"
98 :         username="#userID2#"
99 :         password="#pwd2#"
100 :     >


0
 
dgrafx Commented:
I had difficulties with cfldap so went to VBScript.

I write the .vbs below programmatically using desired variables, then cfexecute with CF.

Save the following as a .vbs file (swapping out the variables for their values of course):

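' The #...# placeholders are replaced with real values before the file is written
Dim UserName
Dim UserDomain
Dim User
Dim NewPassword
UserDomain = "#Domain#"
UserName = "#Username#"
NewPassword = "#Password#"
' Bind to the account through the ADSI WinNT provider; ",user" names the object class
Set User = GetObject("WinNT://" & UserDomain & "/" & UserName & ",user")
' Administrative reset: sets the new password without needing the old one
Call User.SetPassword(NewPassword)
Set User = Nothing
WScript.Quit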

good luck ...
0
 
stu215 (Systems Analyst, Author) Commented:
I'm running CF on a Linux server though...
( I don't think VB will work there )
0

 
dgrafx Commented:
Ok so where is AD? Different machine right?
So can you write it on the AD machine (Windows machine) and execute it there as well?
0
 
stu215 (Systems Analyst, Author) Commented:
Yes, it's a different machine.   It is preferred that I not do it this way though...

Is it not possible to change the password with cfldap?

From what I've Googled so far, many suggest that you have to wrap it in Unicode then Base64... I am still getting the same conversion error as above though...  

I've tried a bunch of the following variations with no success:
<cfset newPWD='Testing_666'>
<cfset unicodePwd = newPWD.getBytes("UTF-16LE")/> 
<cfset unicodePwd2 = newPWD.getBytes("UnicodeLittleUnmarked")/> 
<cfset unicodePwd3 = newPWD.getBytes("UTF-16")/> 
<cfset unicodePwd4 = newPWD.getBytes("UTF-8")/> 
<cfset base64Pwd = #ToBase64(unicodePwd)#/> 


0
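Added example, not part of the original thread: Active Directory takes a password reset only as the unicodePwd attribute, whose value is the new password wrapped in double quotes and encoded as UTF-16LE with no byte-order mark, sent over an encrypted connection such as the port 636 one above. The Python below builds that value and checks the form of the encodings tried in the preceding comment against it; the function names and the sample DN are made up for illustration.

```python
import base64

QUOTE_LE = '"'.encode("utf-16-le")           # b'"\x00'
BOMS = (b"\xff\xfe", b"\xfe\xff")            # little- and big-endian byte-order marks

def encode_unicode_pwd(new_password):
    """New password wrapped in double quotes, encoded UTF-16LE without a BOM."""
    return ('"' + new_password + '"').encode("utf-16-le")

def check_unicode_pwd(value):
    """List what is wrong with the form of a candidate unicodePwd value."""
    problems = []
    if value.startswith(BOMS):
        problems.append("starts with a byte-order mark")
    if len(value) % 2:
        problems.append("odd length, so not UTF-16")
    if len(value) < 4 or not (value.startswith(QUOTE_LE) and value.endswith(QUOTE_LE)):
        problems.append("not wrapped in UTF-16LE double quotes")
    return problems

def ldif_replace(dn, new_password):
    """LDIF modify record; '::' marks the value as base64 of the raw bytes."""
    b64 = base64.b64encode(encode_unicode_pwd(new_password)).decode("ascii")
    return "\n".join(["dn: " + dn, "changetype: modify",
                      "replace: unicodePwd", "unicodePwd:: " + b64, "-"])

def posted_variants(pw):
    """Byte strings equivalent to the Java getBytes() calls tried in the thread."""
    return {
        "UTF-16LE": pw.encode("utf-16-le"),
        "UnicodeLittleUnmarked": pw.encode("utf-16-le"),
        "UTF-16": b"\xfe\xff" + pw.encode("utf-16-be"),   # Java prepends a BE BOM
        "UTF-8": pw.encode("utf-8"),
    }

if __name__ == "__main__":
    pw = "Testing_666"                        # test value from the post
    for name, raw in posted_variants(pw).items():
        print(name, check_unicode_pwd(raw))
    print("quoted UTF-16LE", check_unicode_pwd(encode_unicode_pwd(pw)))
    # Constructed DN, for illustration only
    print(ldif_replace("CN=Example User,CN=Users,DC=example,DC=edu", pw))
```
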
 
dgrafx Commented:
I was able to add / edit / delete entries to AD using cfldap but was never able to change password with cfldap.
Could never find a solution so I looked elsewhere, and if on a Windows machine then the vbs solution works like a champ.

sorry you can't use it ...
0
 
stu215 (Systems Analyst, Author) Commented:
Gave up on trying to use CFLdap to change the password and we're trying a few open source solutions or will purchase a module to change passwords...

ManageEngine was the commercial one we are debating on if the open source one does not pan out.

- Was not allowed to use the VBScript solution in our environment
0
 
dgrafx Commented:
Well thanks for the points!
0
