Hello
I assume you have used the LDAP Login wizard of Dreamweaver. I need help regarding LDAP authentication since I am not sure about the Starting string syntax; plus, can I verify the LDAP connection with any user ID/password?
If you can help me, I would really appreciate it.
Let's suppose my company name is disney.world.com and the server name is LDAP.disney.world.com. What syntax should I use for LDAP in the login wizard?
Hello,
I just created a login authentication page using Active Directory authentication.
Here is an example of the CFLDAP part. It works great for me.
This would go in your action page.
<cfset count='1'>
<cfif #count# gt 0>
<cftry>
<cfldap action="QUERY"
name="AuthenticateUser"
attributes="samaccountname,dn,mail,description,physicalDeliveryOfficeName"
start="dc=Paris,dc=Disneyworld"
maxrows="1"
scope="subtree"
filter="(&(objectclass=user)(samaccountname=#form.username#))"
server="servername.paris.disneyworld"
username="#form.username#"
password="#form.password#">
<!--- the query only has the columns named in attributes, so read samaccountname --->
<cfset LoginMessage = "User #AuthenticateUser.samaccountname# is logged in">
<cfcatch type="any">
<cfset LoginMessage = "User Authentication Failed">
</cfcatch>
</cftry>
<cfelse>
<cfset LoginMessage = "Username not found">
</cfif>
<cfoutput>#LoginMessage#</cfoutput>
Hello !!
Thanks a lot for your reply. I am hard coding the values; my only question is what is the "samaccountname" you are referring to? And also I am getting this message...
Authentication failed:[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
Line 25 is my hardcoded password for testing purposes. Does that mean it is communicating with the LDAP server but not able to authenticate my password/user ID?
I would really appreciate your help if you can help me sort out this issue.
No worries,
The samaccountname is really for old NT 4 logon purposes; it refers to your domain login account name, e.g. donald.duck@disney.com. It is still applicable for Windows 2000 / 2003 environments.
So try hardcoding your samaccountname as well as your password and test again.
Yes, the error message does appear to mean you are communicating but not authenticating.
Try googling for "AD LDAP attributes"; you will find useful info on all the attributes you can use in cfldap.
Hello
Thanks a lot for your help. I believe that I am able to communicate with the LDAP server but not able to authenticate users.
I have swapped several attributes but no results. Please have a look at my code and see if I am missing anything which is preventing LDAP authentication.
I am not using any form and am hardcoding values for username and password.
<cfset count='1'>
<cfif #count# gt 0>
<cftry>
<cfldap action="QUERY"
name="AuthenticateUser"
attributes="samaccountname=SMehboob,mail=SMehboob@disneyworld.com,description='GGC\disney (RM126351)',physicalDeliveryOfficeName= NY - Disney World"
start="DC=Disney,DC=World,DC=com"
maxrows="1"
scope="subtree"
filter="(&(objectclass=user)(samaccountname=#username#))"
server="ldap.Disney.World.com"
username="#username#"
password="#password#">
<cfset LoginMessage = "User #Authenticateuser.ausername# is logged in">
<cfcatch type="any">
<cfset LoginMessage = "User Authentication Failed">
</cfcatch>
</cftry>
<cfelse>
<cfset LoginMessage = "Username not found">
</cfif>
Your "attributes" attribute is wrong. You can't put any values there.
All you need to do is add the names of the attributes. CFLDAP will then return the values of the Active Directory attributes for you.
Try keeping it simple and only use the "samaccountname" attribute:
attributes="samaccountname" (this is exactly how yours should look)
Everything else looks good. Let me know how you get on.
I think it is a good idea, while testing, to hard code the username and password.
This is what your code should look like; once you know it works, replace the samaccountname in the filter attribute, the username and the password with variables.
<cfset count='1'>
<cfif #count# gt 0>
<cftry>
<cfldap action="QUERY"
name="AuthenticateUser"
attributes="samaccountname"
start="DC=Disney,DC=World,DC=com"
maxrows="1"
scope="subtree"
filter="(&(objectclass=user)(samaccountname=donald.duck@disney.com))"
server="ldap.Disney.World.com"
username="donald.duck@disney.com"
password="Iamaduck123">
<!--- samaccountname is the only column the query returns --->
<cfset LoginMessage = "User #AuthenticateUser.samaccountname# is logged in">
<cfcatch type="any">
<cfset LoginMessage = "User Authentication Failed">
</cfcatch>
</cftry>
<cfelse>
<cfset LoginMessage = "Username not found">
</cfif>
Hello
I really appreciate your help; it has helped me a lot. I am stuck now at this error message when trying to authenticate user/password.
Authentication failed:[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
I have also tried using different LDAP attributes like cn, userPrincipalName and so forth but still get "AcceptSecurityContext error, data 525". I have contacted my LDAP admin and he has no idea why this issue is coming up. I can see all users in LDAP and am trying to authenticate each one of them but still get the same error.
LDAP.cfm (line 19, the password line, is where the error is reported):
<cfldap action="QUERY"
name="AuthenticateUser"
attributes="samaccountname"
start="DC=Disney,DC=World,DC=com"
maxrows="1"
scope="subtree"
filter="(&(objectclass=user)(samaccountname=donald.duck@disney.com))"
server="ldap.Disney.World.com"
username="donald.duck@disney.com"
password="Iamaduck123">
I am really sorry to bother you and I deeply appreciate your time and knowledge.
Hello
Thanks a lot for your help. It worked by correcting 2 things in my LDAP hard coded page, since I was putting
1- Userid=smehboob alone; however, it is looking for a full domain like UserId=smehboob@disney.world.com
Now the tricky part is how to attach the user's input to Disney.world.com so that it can be passed to LDAP for verification, since I do not want users to put in their full Userid=userid.disney.world.com. Any suggestions!
2- I have also changed the attributes to
attributes="userPrincipalName,Username,Password"
since these are the three things I am taking as inputs. So my understanding is that we should match our inputs with attributes, otherwise there will be a mismatch and it will give us the Authentication Failed message.
1. I would make the user id a variable in the LDAP query but hard code the DNS bit:
username="#form.userid#@disney.world.com"
That's how I do it and I hope that's what you meant.
I'm not sure if it will work for a user id with a user@disneyworld.com account;
if it doesn't then you should be able to solve it with some conditional code, I would have thought.
2. Yeah, that sounds better than the way I do it; I only use the samaccountname rather than the userPrincipalName because of pre-Windows 2000 logins.
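The thread settles three practical points: an AD simple bind wants the user principal name (user@domain), so the "data 525" sub-code of LDAP error 49 means the bind name was not found rather than that the password was wrong; the domain suffix should be appended on the server side instead of typed by the user; and the samaccountname that ends up inside the cfldap filter comes straight from form input. The following is an added example written for this edit, in Python rather than ColdFusion, and not code from anyone in the thread: it decodes the error message quoted above, builds the UPN from a bare user id while refusing ids that already carry an "@" or DN syntax, and escapes the filter value per RFC 4515 before it is interpolated, which is the check the thread's `filter="(&(objectclass=user)(samaccountname=#form.username#))"` lacks. The domain name, function names and the sample inputs are assumptions for the example; the sub-code meanings are standard AD behaviour.

```python
import re

# AD sub-codes that follow "AcceptSecurityContext error, data" in an LDAP
# error-49 message. Standard AD meanings; the list is assembled for this example.
AD_BIND_DATA_CODES = {
    "525": "user not found (the bind name does not resolve to an account)",
    "52e": "invalid credentials (account found, password rejected)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_AD_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def explain_ad_bind_error(message: str) -> str:
    """Pull the 'data NNN' sub-code out of an AD bind failure and explain it.

    525 vs 52e is the distinction that matters when debugging: 525 means the
    username form is wrong (bare id instead of UPN), 52e means the password is.
    """
    match = _AD_DATA_RE.search(message)
    if not match:
        return "not an AD AcceptSecurityContext error"
    code = match.group(1).lower()
    return AD_BIND_DATA_CODES.get(code, f"unknown AD sub-code {code}")


# A bare account name: letters, digits, dot, underscore, hyphen. No '@', '\',
# '=' or ',' so the caller cannot smuggle in a different UPN, a DOMAIN\user
# prefix or DN syntax. Length cap is an assumption for the example.
_BARE_USERID_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")

# Assumed domain for the example; in the thread it is disney.world.com.
DEFAULT_DOMAIN = "disney.world.com"


def build_upn(userid: str, domain: str = DEFAULT_DOMAIN) -> str:
    """Turn the bare id a user typed into the user@domain form AD binds with."""
    if not _BARE_USERID_RE.fullmatch(userid):
        raise ValueError("userid must be a bare account name, not a UPN or DN")
    return f"{userid}@{domain}"


# RFC 4515 escapes for values placed inside an LDAP search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a single filter value; a per-character map avoids double escaping."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(userid: str) -> str:
    """The thread's samaccountname lookup filter, with the value escaped."""
    return f"(&(objectclass=user)(samaccountname={escape_ldap_filter_value(userid)}))"


if __name__ == "__main__":
    # Constructed sample: the exact message quoted in the thread.
    msg = ("Authentication failed:[LDAP: error code 49 - 80090308: LdapErr: "
           "DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]")
    print(explain_ad_bind_error(msg))
    print(build_upn("smehboob"))
    print(build_user_filter("smehboob"))
    print(build_user_filter("a*)(cn=*"))  # injection attempt is neutralised
```

Plugging this into the cfldap call means passing the result of build_upn as the bind username and the result of build_user_filter as the filter, so the only thing the user controls is a validated account name in both places.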