Hello!
I am trying to integrate LDAP authentication with a CF8 application. My index.cfm file posts to my ldap.cfm file, and when the username and password are entered into the form I get the error: Element RECORDCOUNT is undefined in USERLOOKUP.
Here is my ldap.cfm file (I have sanitized the server and start so I don't post any sensitive information):
<cfparam name="user_id" default="#form.username#">
<cfparam name="username" default="#form.username#">
<cfparam name="passwd" default="#form.passwd#">
<cfparam name="error" default="NO ERRORS">
<cfparam name="firstName" default="">
<cfparam name="lastName" default="">
<cfparam name="defaultErrorMsg" default="There was a problem with your username/password.">
<!--- use generic message to complicate hacking --->
<!--- query ldap to see if the user exists --->
<cftry>
    <cfldap name="userLookup"
        action="query"
        scope="subtree"
        server="ldap.edu"
        port="389"
        attributes="uid,dn,cn,sn"
        referral="0"
        filter="(&(uid=#username#))"
        start="cn=group,ou=Groups,dc=edu" />
    <cfcatch type="any">
        <cfset error = defaultErrorMsg>
    </cfcatch>
</cftry>
<!--- if a single row is returned, bind to authenticate --->
<cfif #userLookup.recordcount# EQ 1 >
    <cftry>
        <cfldap name="userBind"
            action="query"
            scope="subtree"
            server="ldap.edu"
            port="389"
            username="#userLookup.dn#"
            password="#passwd#"
            attributes="dn"
            filter="(objectClass=*)"
            referral="0"
            start="#userLookup.dn#" />
        <cfcatch type="any">
            <cfset error = defaultErrorMsg>
        </cfcatch>
    </cftry>
    <cfset firstName = LEFT( Mid( userLookup.cn, 1, FindOneOf( " ", userLookup.cn ) ), 20 )>
    <cfset lastName = LEFT( userLookup.sn, 30 )>
<cfelse>
    <cfset error = defaultErrorMsg>
</cfif>
Can anyone help me get past this error? If more information is needed, please provide an email address that I can use to respond. Thank you for your time.
Check what is being returned by your <cfldap...> call.
I suspect your ldap call is failing, and the logic is going through the <cfcatch...> block of your code. But that block doesn't do anything but set a variable.
Then your code tries to execute a comparison on data that will only exist if the <cfldap...> call is successful.
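
The failure mode described in the answer above, handled explicitly, as an added example that is not part of the original thread or either poster's code. It goes slightly beyond the thread by escaping the username for the LDAP filter and refusing empty passwords; `ldapEscape`, `lookupOk`, `authenticated` and the `ldapauth` log name are hypothetical, and the server and start values are the sanitized ones from the question.

```cfml
<!--- Added example. RFC 4515 filter escaping; the backslash must be replaced first. --->
<cffunction name="ldapEscape" returntype="string" output="false">
    <cfargument name="value" type="string" required="true">
    <cfset var s = replace(arguments.value, "\", "\5c", "all")>
    <cfset s = replace(s, "*", "\2a", "all")>
    <cfset s = replace(s, "(", "\28", "all")>
    <cfset s = replace(s, ")", "\29", "all")>
    <cfreturn replace(s, chr(0), "\00", "all")>
</cffunction>

<cfset authenticated = false>
<cfset lookupOk = false>

<!--- An empty password must never reach the bind: many directory servers
      treat it as an anonymous bind and report success (RFC 4513). --->
<cfif len(trim(form.username)) AND len(form.passwd)>
    <cftry>
        <cfldap name="userLookup" action="query" scope="subtree"
                server="ldap.edu" port="389" referral="0"
                attributes="uid,dn,cn,sn"
                filter="(uid=#ldapEscape(form.username)#)"
                start="cn=group,ou=Groups,dc=edu">
        <cfset lookupOk = true>
        <cfcatch type="any">
            <!--- Record the real cause server-side; the user still sees the generic message. --->
            <cflog file="ldapauth" type="error" text="lookup failed: #cfcatch.message# #cfcatch.detail#">
        </cfcatch>
    </cftry>

    <!--- userLookup exists only if the query above completed, so test the flag first. --->
    <cfif lookupOk AND userLookup.recordcount EQ 1>
        <cftry>
            <!--- Port 389 without secure="CFSSL_BASIC" sends this password in clear text. --->
            <cfldap name="userBind" action="query" scope="subtree"
                    server="ldap.edu" port="389" referral="0"
                    username="#userLookup.dn#" password="#form.passwd#"
                    attributes="dn" filter="(objectClass=*)"
                    start="#userLookup.dn#">
            <cfset authenticated = true>
            <cfcatch type="any">
                <cflog file="ldapauth" type="warning" text="bind failed for #userLookup.dn#: #cfcatch.message#">
            </cfcatch>
        </cftry>
    </cfif>
</cfif>

<cfif NOT authenticated>
    <cfset error = "There was a problem with your username/password.">
</cfif>
```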
Thank you for your suggestion, Ian. I placed <cfdump var="#cfcatch#"> between the <cfcatch></cfcatch> tags but didn't get any further information. Is there another way to do it?
No, if there was anything to catch that would be showing it.
Also put a <cfdump var="#userLookup#"> right after the <cfldap...> tag to see what it is returning if anything.
I would also put a <cfabort> there just to stop any further processing until I knew what is happening.
That didn't return anything either. I know the user name and password that I am passing through the form are correct. Is there another way to accomplish LDAP authentication or am I on the right track with this? I have been working on this for over 3 weeks, and haven't made any progress.
What do you mean "did not return anything"? Nothing, an empty screen? Or just something you did not expect? It should be returning something: an error, an empty structure, strange data, something.
You seem to be doing what I more or less do. The only difference I see is that we often use a ColdFusion user which has been given the desired permissions on the Active Directory LDAP server. But for authentication, we do exactly what you are doing.
<cftry>
    <cfldap action="query"
        server="#variables.ldapConfig.server#"
        name="qUser"
        start="#variables.ldapConfig.start#"
        filter="samaccountname=#getProperty('samaccountname')#"
        username="#variables.ldapConfig.domain#\#getProperty('samaccountname')#"
        password="#arguments.password#"
        attributes = "#variables.ldapConfig.attributes#">
    <cfcatch type="application">
        <!--- If Authentication failed message is returned, return false --->
        <cfif uCase(listFirst(cfcatch.Message,":")) EQ "AUTHENTICATION FAILED">
            <cfset returnValue = false>
        <cfelse>
            <!--- Else rethrow any other type of exception --->
            <cfrethrow>
        </cfif>
    </cfcatch>
</cftry>
I did just notice that we use a domain\username in the username property not just the username.
Thank you for the tips. The additional <cfcatch> did not return any different information. I am still getting the element RECORDCOUNT is undefined in USERLOOKUP error with 500 - Internal server error: There is a problem with the resource you are looking for, and it cannot be displayed.
If you think the code I provided looks ok, then I will take a look at some of the other files to see if they are causing the error. The ldap.cfm posts to the login_action.cfm so maybe there is something in that one that is causing the problem?