• Status: Solved

Coldfusion and cfldap using SSL

Hi experts.  I am using Coldfusion 5 on IIS6 server and SQL SERVER 2000.

I got the code to work without SSL.  However, I want to take it one step further and use SSL to secure the transmission between my web form and the Active Directory server.

I looked at Coldfusion's cfldap function and the attribute secure but I don't understand it.

Please let me know the steps to accomplish this.

Here's my code:

1. ldap_authenticate4a.cfm

<cfoutput>
      <form action="ldap_authenticate4b.cfm" method="POST">
            <p>Enter your login and password to see if you authenticate
            <!--- HTML-encode the echoed username so it cannot break out of the value attribute --->
            <p>Username <input type="Text" name="username" <cfif (IsDefined("form.username") AND form.username is not "")>value="#HTMLEditFormat(form.username)#"</cfif>>
            <!--- A submitted password is never written back into the page --->
            <br>password<input type="password" name="password">
            <br><input type="Submit" value="Login" name="">
      </form>
</cfoutput>



2. ldap_authenticate4b.cfm

<cfparam name="logindomain" default="shc.org">
<cfparam name="ldapServer" default="xxxxx">
<cfparam name="dcStart" default="dc=shc,dc=org">
<cfif IsDefined("form.username") AND form.username is not "" AND IsDefined("form.password") AND form.password is not "">
      <!--- Escape LDAP filter metacharacters (backslash first) so the username cannot alter the filter --->
      <cfset safeUser = Replace(form.username, "\", "\5c", "ALL")>
      <cfset safeUser = Replace(safeUser, "*", "\2a", "ALL")>
      <cfset safeUser = Replace(safeUser, "(", "\28", "ALL")>
      <cfset safeUser = Replace(safeUser, ")", "\29", "ALL")>
      <cftry>
            <cfset isValid=0>
            <!--- Bind as the submitted user; a failed bind throws and is handled by cfcatch --->
            <cfldap action="query"
                    name="Results"
                    server="#ldapServer#"
                    start="#dcStart#"
                    filter="(&(objectclass=user)(SamAccountName=#safeUser#))"
                    username="#form.username#@#logindomain#"
                    password="#form.password#"
                    attributes="sAMAccountName"
                    scope="subtree"
                    rebind="Yes">
            <cfif results.recordcount is 1>
                  <cfset isValid=1>
            </cfif>

            <cfcatch>
                  <cfset isValid=0>
            </cfcatch>
      </cftry>

      <cfoutput>
            <cfif isValid>
                  The IsValid value=#isValid# , username=#HTMLEditFormat(results.sAMAccountName)#
                  <p>You are authenticated</p>
            <cfelse>
                  <p>Get out foul beast!  </p>
            </cfif>
      </cfoutput>

<cfelse>
      <p>Username or Password is incorrect.</p>
</cfif>

Asked by: paultran00

dgrafx Commented:
here are the Adobe docs on the subject
http://helpx.adobe.com/coldfusion/kb/coldfusion-mx-configuring-secure-ssl.html

and here is another Experts-Exchange post on the subject
http://www.experts-exchange.com/Database/Miscellaneous/Q_24925241.html

paultran00 (Author) Commented:
To dgrafx:

A. What is Coldfusion MX? My production server has Coldfusion 5.

B. Instructions say "1 a.Start iPlanet administrator console.".  Is that installed?  How do I run it?

C. Is it possible to test this on my Windows XP workstation before I put it in the production server which has Windows 2003?

paultran00 (Author) Commented:
D.  The instructions say "Unlike ColdFusion 5, the cert7.db file is not needed any more.".  However, I am using CF5 which needs the cert7.db file so how do I do this?

dgrafx Commented:
cert7.db file
http://kb.juniper.net/InfoCenter/index?page=content&id=KB23256

mx is the name cf adopted for ver 7 - I believe you can ignore that
iplanet is a webserver - just find comparable area in whatever webserver you are using

_agx_ Commented:
(no points... )

> What is Coldfusion MX?

MX is the name given to ColdFusion 6. It was a big change in the CF internals. As of MX, CF switched to being written in java, instead of C++ (like CF5 and earlier).

dgrafx Commented:
sorry - it's been awhile ...

_agx_ Commented:
Only reason I remember is because I skipped CF5 :)

paultran00 (Author) Commented:
To dgrafx:

The instructions you suggested are for Coldfusion MX which is written in Java for CF6 on.  http://helpx.adobe.com/coldfusion/kb/coldfusion-mx-configuring-secure-ssl.html


Does anyone know how to do it for CF5 which is written in C?

dgrafx Commented:
did you look through the CF 5 docs I sent you a link to?

paultran00 (Author) Commented:
Yes, http://helpx.adobe.com/coldfusion/kb/coldfusion-mx-configuring-secure-ssl.html  talks about JRE which is Java (which is what CF6 and newer has) but I'm using the older CF5.

dgrafx Commented:
no - i posted a link to the entire CF 5 docs - remember ?
u wanted to know if CF 5 had cfldap ...

paultran00 (Author) Commented:
CF5 with cfldap is working without SSL currently; I want to take it to the next step which is to use SSL with CF5.

dgrafx Commented:
come on paul - work with me ...
check your CF5 docs to see if there is something about ssl & cfldap!

Gary Commented:
I've requested that this question be deleted for the following reason:

The question has either no comments or not enough useful information to be called an "answer".

dgrafx Commented:
I object to the deletion

In the poster's previous post: http://www.experts-exchange.com/Web_Development/WebApplications/Q_28486397.html
I posted a link to the CF 5 docs which again are: https://www.adobe.com/support/documentation/en/coldfusion/documentation50.html
Here is an excerpt from those docs that speaks of secure cfldap connections: http://www.eww.com.hk/cfdocs/CFML_Reference/Tags-pt165.html

Above in this post I told the poster to read through the CF 5 docs.
Read the last 6 posts above.
He seemed to "forget" what we had been talking about in his last post and earlier in this one as well.

Plus it was the poster who quit participating in this question.
I would have continued to try and help if he hadn't dropped out of sight.
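
How the `secure` attribute asked about in this thread fits into the query from the question, as an added example that is not code from any poster or from the linked documentation. It assumes CF5's `secure="CFSSL_BASIC,certificate_database"` form, a Netscape-format cert7.db that already trusts the directory server's certificate, and a directory server listening for LDAP over SSL on port 636; `certDb` (a placeholder path) and `safeUser` are names introduced here.

```cfml
<!--- Added example for ColdFusion 5 (not from the thread). certDb is a placeholder
      path to a cert7.db that already trusts the LDAP server's certificate. --->
<cfparam name="logindomain" default="shc.org">
<cfparam name="ldapServer" default="xxxxx">
<cfparam name="dcStart" default="dc=shc,dc=org">
<cfparam name="certDb" default="C:\path\to\cert7.db">
<cfset isValid = 0>

<!--- Empty passwords are rejected up front: a simple bind with an empty password
      can succeed as an unauthenticated bind and must never count as a login. --->
<cfif IsDefined("form.username") AND form.username is not ""
      AND IsDefined("form.password") AND form.password is not "">
      <!--- Escape filter metacharacters (backslash first) before building the filter --->
      <cfset safeUser = Replace(form.username, "\", "\5c", "ALL")>
      <cfset safeUser = Replace(safeUser, "*", "\2a", "ALL")>
      <cfset safeUser = Replace(safeUser, "(", "\28", "ALL")>
      <cfset safeUser = Replace(safeUser, ")", "\29", "ALL")>
      <cftry>
            <!--- Before (as in the question): no port or secure attribute, so the bind
                  password crosses the network in clear text on the default port 389.
                  After: port 636 plus secure= wraps the bind and the query in SSL. --->
            <cfldap action="query"
                    name="Results"
                    server="#ldapServer#"
                    port="636"
                    secure="CFSSL_BASIC,#certDb#"
                    start="#dcStart#"
                    filter="(&(objectclass=user)(sAMAccountName=#safeUser#))"
                    username="#form.username#@#logindomain#"
                    password="#form.password#"
                    attributes="sAMAccountName"
                    scope="subtree"
                    rebind="Yes">
            <cfif Results.recordcount is 1>
                  <cfset isValid = 1>
            </cfif>
            <cfcatch>
                  <!--- Fail closed: bad credentials, an untrusted certificate and an
                        unreachable server all end up here and deny the login. --->
                  <cfset isValid = 0>
            </cfcatch>
      </cftry>
</cfif>

<cfoutput>
      <cfif isValid><p>You are authenticated</p><cfelse><p>Username or Password is incorrect.</p></cfif>
</cfoutput>
```

If the same request succeeds on port 389 without `secure` but fails here, the `cfcatch` branch is hiding a certificate or connectivity error; log `cfcatch.message` while testing to tell the two apart.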