billdimit wrote:
> Hi,
> I need to convert all CF LDAP validation pages in my apps (OpenLDAP) to the
> new AD server validations. No luck so far.
>
> I cannot make an anonymous bind to AD using LDAP so I do need to bind to AD
> prior to authenticating user. I've got a username/password account created for
> it. I have also been told by System Admin that maybe I would need to use the AD
> userPrinciple
>
> The LDAP code that works with the OpenLDAP:
>
> <CFLDAP
> SERVER="ldap.test.com.au"
> PORT="389"
> USERNAME="uid=#form.username#,ou=people,ou=staff,o=test.com.au"
> PASSWORD="#form.password#"
> ACTION="QUERY"
> NAME="GetLDAPResults"
> ATTRIBUTES="dn,ou,o,uid,cn,sn,title,mail,l,telephonenumber,roomnumber"
> FILTER="uid=#form.username#"
> START="ou=people,ou=staff,o=test.com.au">
>
> I have tried this code with AD without any success:
>
> <CFLDAP
> SERVER="ad.test.com.au"
> port="389"
> scope="subtree"
> USERNAME="#form.username#,OU=staff,DC=test,DC=com,DC=au"
> PASSWORD="#form.username#"
> ACTION="QUERY"
> NAME="GetLDAPResults"
> ATTRIBUTES="cn,mail"
> filter="(#form.username#)"
> START="OU=staff,DC=test,DC=com,DC=au">
>
> The error message is:
> Authentication failed:[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334,
> comment: AcceptSecurityContext error, data 525, vece ]
>
> The binding is the problem. How do I bind to AD?
>
> Thanks,
> b.
>
>
All I can tell you is that I don't do anything special with my <cfldap...> tag to connect to Active Directory. A couple of possible things to look at.

scope="subtree": Active Directory can be very picky about permissions and if the account you are using in username and password for *EVERY* branch and leaf of the entire subtree below your starting point you will get this error. Try being more specific in your Start and|or only pick the current branch until you have isolated what is causing the problem.

USERNAME="#form.username#,OU=staff,DC=test,DC=com,DC=au": That is not the way my username field looks for accessing our Active Directory. For us it goes username="windowsDomain\ADUserName".
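
An added example, not part of the thread and not code from either poster: Python that decodes the `data` sub-code in the AD bind error quoted above, keeps that detail in the server log while the login form gets one generic message, and escapes form input before it goes into an LDAP filter. The function names, the `GENERIC` text and the `sAMAccountName` filter attribute are assumptions made for illustration.

```python
import re

# "data" sub-codes (hex) that Active Directory appends to an LDAP
# result 49 bind failure; they are Windows logon error numbers.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
ERR_RE = re.compile(r"error code (\d+).*?\bdata ([0-9a-fA-F]+)", re.S)
GENERIC = "Invalid username or password."  # hypothetical UI text

def diagnose(message):
    """Return (ldap_code, subcode, meaning), or None if not an AD bind error."""
    m = ERR_RE.search(message)
    if m is None:
        return None
    sub = m.group(2).lower()
    return int(m.group(1)), sub, AD_SUBCODES.get(sub, "unknown sub-code")

def login_failure(message):
    """Split a failure into (detail for the server log, text for the user).

    525 vs 52e tells a caller whether an account exists, so the detail
    stays in the log and the user always gets the same generic text.
    """
    d = diagnose(message)
    detail = "unparsed bind error" if d is None else "LDAP %d, data %s: %s" % d
    return detail, GENERIC

def escape_filter_value(value):
    """Escape form input for use inside an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

# Error text quoted in the post above, joined onto one line.
POSTED = ("Authentication failed:[LDAP: error code 49 - 80090308: LdapErr: "
          "DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]")

if __name__ == "__main__":
    print(login_failure(POSTED)[0])
    print("(sAMAccountName=%s)" % escape_filter_value("j*smith)(cn=*"))
```
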