
Login Wizard and LDAP

New Here, May 03, 2006

I am trying to create a login page that will authenticate users against their Active Directory accounts. It verifies when I run the wizard, but when it's finished, it says "Your login information is not valid. Please Try again", and after 3 tries it just goes to a blank page. Has anyone seen this before, and do I need to do anything to get it to work with Active Directory?
TOPICS
Advanced techniques

Views

1.9K

Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
New Here, May 27, 2009

Hello

I assume you have used the LDAP Login wizard of Dreamweaver. I need help regarding LDAP authentication, since I am not sure about the Starting string syntax. Also, can I verify the LDAP connection with any userID/password?

If you can help me, I would really appreciate it.

Let's suppose my company name is disney.world.com and the server name is LDAP.disney.world.com. What syntax should I use for LDAP in the login wizard?

Guest, May 28, 2009

Hello,

I just created a login authentication page using Active directory authentication.

Here is an example of the CFLDAP part. It works great for me.

This would go in your action page:

<cfset count='1'>

<cfif count gt 0>
    <cftry>
        <!--- Bind to AD as the submitted user and look up that user's entry --->
        <cfldap action="QUERY"
            name="AuthenticateUser"
            attributes="samaccountname,dn,mail,description,physicalDeliveryOfficeName"
            start="dc=Paris,dc=Disneyworld"
            maxrows="1"
            scope="subtree"
            filter="(&(objectclass=user)(samaccountname=#form.username#))"
            server="servername.paris.disneyworld"
            username="#form.username#"
            password="#form.password#">

        <!--- The query returns only the columns listed in "attributes" --->
        <cfset LoginMessage = "User #AuthenticateUser.samaccountname# is logged in">

        <cfcatch type="any">
            <!--- A failed bind throws an exception and ends up here --->
            <cfset LoginMessage = "User Authentication Failed">
        </cfcatch>
    </cftry>
<cfelse>
    <cfset LoginMessage = "Username not found">
</cfif>

<cfoutput>#LoginMessage#</cfoutput>

New Here, May 28, 2009

Hello!

Thanks a lot for your reply. I am hard-coding the values; my only question is, what is the "samaccountname" you are referring to? Also, I am getting this message ...

Exceptions

13:13:54.054 - Application Exception - in D:\Inetpub\wwwroot\LDAP\ldap.cfm : line 25
Authentication failed:[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, 
comment: AcceptSecurityContext error, data 525, vece ]

Line 25 is my hardcoded password for testing purposes. Does that mean it is communicating with the LDAP server but not able to authenticate my password/userID?

I will really appreciate it if you can help me sort out this issue.



 

Guest, May 29, 2009

No worries,

The samaccount name is really for old NT 4 logon purposes; it refers to your domain login account name, e.g. donald.duck@disney.com. It is still applicable for Windows 2000 / 2003 environments.

So try hardcoding your samaccount name as well as your password and test again.

Yes, the error message does appear to mean you are communicating but not authenticating.

Try googling for "AD LDAP attributes"; you will find useful info on all the attributes you can use in cfldap.

New Here, May 31, 2009

Hello

Thanks a lot for your help. I believe that I am able to communicate with the LDAP server but not able to authenticate users.

I have swapped several attributes but with no results. Please have a look at my code and see if I am missing anything that is preventing LDAP authentication.

I am not using any form and am hardcoding values for Username and Password.

 

<cfset count='1'>
<cfif #count# gt 0>
    <cftry>
        <cfldap action="QUERY"
            name="AuthenticateUser"
            attributes="samaccountname=SMehboob,mail=SMehboob@disneyworld.com,description='GGC\disney (RM126351)',physicalDeliveryOfficeName= NY - Disney World"
            start="DC=Disney,DC=World,DC=com"
            maxrows="1"
            scope="subtree"
            filter="(&(objectclass=user)(samaccountname=#username#))"
            server="ldap.Disney.World.com"
            username="#username#"
            password="#password#">

        <cfset LoginMessage = "User #Authenticateuser.ausername# is logged in">

        <cfcatch type="any">
            <cfset LoginMessage = "User Authentication Failed">
        </cfcatch>
    </cftry>
<cfelse>
    <cfset LoginMessage = "Username not found">
</cfif>

Guest, Jun 01, 2009

Your "Attributes" attribute is wrong. You can't put any values there.

All you need to do is add the names of the attributes. CFLDAP will then return the values of the Active Directory attributes for you.

Try keeping it simple and only use the "samaccountname" attribute:

attributes="samaccountname" (this is exactly how yours should look)

Everything else looks good. Let me know how you get on.

Guest, Jun 01, 2009

It is a good idea, I think, while testing, to hard-code the username and password.

This is what your code should look like. Once you know it works, replace the samaccountname in the filter attribute, the username and the password with variables.

<cfset count='1'>

<cfif count gt 0>
    <cftry>
        <cfldap action="QUERY"
            name="AuthenticateUser"
            attributes="samaccountname"
            start="DC=Disney,DC=World,DC=com"
            maxrows="1"
            scope="subtree"
            filter="(&(objectclass=user)(samaccountname=donald.duck@disney.com))"
            server="ldap.Disney.World.com"
            username="donald.duck@disney.com"
            password="Iamaduck123">

        <!--- Only "samaccountname" is requested, so that is the column to read --->
        <cfset LoginMessage = "User #AuthenticateUser.samaccountname# is logged in">

        <cfcatch type="any">
            <cfset LoginMessage = "User Authentication Failed">
        </cfcatch>
    </cftry>
<cfelse>
    <cfset LoginMessage = "Username not found">
</cfif>

New Here, Jun 02, 2009

Hello

I really appreciate your help and it has really helped me a lot. I am stuck now at this error message when trying to authenticate user/pswrd.

*****************************************************************************************************************************************************************************************************************************************

Exceptions

15:32:26.026 - Application Exception - in D:\Inetpub\wwwroot\ProdTech\LDAP.cfm : line 19 (It is a line which contain hardcode password)
         Authentication failed:[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

I have also tried using different LDAP attributes like cn, UserPrincipalName and so forth, but I am still getting "AcceptSecurityContext error, data 525". I have contacted my LDAP admin and he has no idea why this issue is coming. I can see all users in LDAP and am trying to authenticate each one of them, but still get the same error.

LDAP.cfm

<cfldap action="QUERY"
            name="AuthenticateUser"
            attributes="samaccountname"
            start="DC=Disney,DC=World,DC=com"
            maxrows="1"
            scope="subtree"
            filter="(&(objectclass=user)(samaccountname=donald.duck@disney.com))"
            server="ldap.Disney.World.com"
            username="donald.duck@disney.com"
   LINE 19:::>>>    password="Iamaduck123">

I am really sorry to bother you and I deeply appreciate your time and knowledge.

New Here, Jun 02, 2009

Hello

Thanks a lot for your help. It worked after correcting 2 things in my LDAP hard-coded page:

1- I was putting Userid=smehboob alone; however, it is looking for a full domain like UserId= smehboob@disney.world.com

Now the tricky part is how to attach the input of users to Disney.world.com so that it can be passed to LDAP for verification, since I do not want users to put their full Userid=userid.disney.world.com. Any suggestions?

2- I have also changed attributes to

     attributes="userPrincipalName,Username,Password"

since these are the three things I am taking as inputs. So my understanding is that we should match our inputs with attributes, otherwise there will be a mismatch and it will give us the Authentication Failed message.

Guest, Jun 02, 2009

1. I would make the user id a variable in the LDAP query but hard-code the DNS bit:

username=#form.userid#.disney.world.com

That's how I do it and I hope that's what you meant.

I'm not sure if it will work for a user id with a user@disneyworld.com account.

If it doesn't, then you should be able to solve it with some conditional code, I would have thought.

2. Yeah, that sounds better than the way I do it. I only use the samaccount name rather than the userPrincipalName because of pre-Windows 2000 logins.

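Added example, not code from any poster in this thread: a cfldap login action page that applies the points the thread arrived at (bind with the full user@domain name, list only attribute names in "attributes") and adds the input and result checks the posted snippets leave out. It assumes ColdFusion 10 or later, form fields named userid and password, an LDAPS listener on port 636 whose certificate the ColdFusion JVM trusts, and a log file named ldaplogin; the host, base DN and domain suffix are the thread's own sample values.

```cfml
<!--- Added example; upnSuffix, ldapHost, userId, upn and the "ldaplogin" log are assumed names --->
<cfset upnSuffix = "disney.world.com">
<cfset ldapHost = "ldap.Disney.World.com">
<cfparam name="form.userid" default="">
<cfparam name="form.password" default="">
<cfset userId = trim(form.userid)>
<cfset LoginMessage = "User Authentication Failed">

<!--- Accept only a short logon name. The allow-list keeps LDAP filter metacharacters
      such as ( ) * \ out of the filter, and rejecting "@" stops users choosing a domain.
      An empty password is refused because a directory server may treat it as an
      unauthenticated (anonymous) bind and report success. --->
<cfif reFind("^[A-Za-z0-9._-]{1,64}$", userId) AND len(form.password) GT 0>
    <!--- The domain suffix is appended server-side, so users type only their user id --->
    <cfset upn = userId & "@" & upnSuffix>
    <cftry>
        <cfldap action="QUERY"
            name="AuthenticateUser"
            attributes="sAMAccountName,userPrincipalName"
            start="DC=Disney,DC=World,DC=com"
            maxrows="1"
            scope="subtree"
            filter="(&(objectClass=user)(userPrincipalName=#upn#))"
            server="#ldapHost#"
            port="636"
            secure="CFSSL_BASIC"
            username="#upn#"
            password="#form.password#">
        <!--- A bind without an exception is not enough: require the user's own entry --->
        <cfif AuthenticateUser.recordCount EQ 1>
            <cfset LoginMessage = "User #encodeForHTML(AuthenticateUser.sAMAccountName)# is logged in">
        </cfif>
        <cfcatch type="any">
            <!--- AD appends a hex sub-code after "data": 525 = user not found,
                  52e = wrong password. Log it; the user sees only the generic message. --->
            <cfset errText = cfcatch.message & " " & cfcatch.detail>
            <cfset m = reFindNoCase("data ([0-9a-f]+)", errText, 1, true)>
            <cfset subCode = arrayLen(m.pos) GT 1 ? mid(errText, m.pos[2], m.len[2]) : "unknown">
            <cflog file="ldaplogin" type="warning"
                text="LDAP bind failed for #userId# (AD sub-code #subCode#)">
        </cfcatch>
    </cftry>
</cfif>

<cfoutput>#LoginMessage#</cfoutput>
```

The "data 525" sub-code in the exceptions quoted in the thread is the "user not found" case, which is consistent with the asker's later finding that the bind name needed the full user@domain form.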