
CLDAP - Windows 2003 DC

Participant, Jul 05, 2007

Hi Guys,

Can anyone help me with this? I'm having terrible problems trying to get this to work, and I can't find any decent tutorials on the web.

I keep getting the 'Inappropriate authentication' error message, which isn't very helpful, every time I try and query my LDAP server. We're using the Windows 2003 DC, would this cause problems?

Here is my code:

<cfldap
action="QUERY"
name="getinfo"
attributes="cn, displayname, memberof"
start="CN=Users,DC=halesowen,DC=ac,DC=uk"
scope="subtree"
separator="|"
server="xxx.halesowen.ac.uk"
username="xxxx"
password="xxxx"
filter="(&(objectclass=user)(samaccountname=#UserName#)(memberof=CN=STAFF_GROUP,OU=Intranet Groups,DC=halesowen,DC=ac,DC=uk))">

New Here, Jul 06, 2007

Your syntax looks correct. So, are you sure that the username and password are correct for accessing that functionality/server? That's what I came across when I first attempted using the cfldap tag.

I hope that this helps.

Thanks...Chris

Participant, Jul 16, 2007

Thanks for your reply.

I'm not getting any errors, just a blank page. Do you know if there is some sort of extra security with Windows 2003?

New Here, Jul 16, 2007

Try getting rid of the "memberof" filter. There's no need, since samAccountName should be unique. See if that works. Thanks.

Chris

Participant, Jul 16, 2007

Thanks again for your help

Still no luck, although I don't get an error message, just a blank page.

New Here, Jul 16, 2007

Try encapsulating it with cftry/cfcatch tags and see if that gives you some clues. You can then output the errors, if there are any, using cfcatch.message, cfcatch.details, etc. Also, maybe there's no one with that samAccountName attribute. Where is "username" being defined? Try stripping away the multiple filter requirements. Just use one filter right now - output all users or just one user, but not one user in the user objectclass. Thanks.

Chris

Participant, Jul 24, 2007

Hi Chris,

I've nearly got this working now. Just one more question: the memberof attribute gives the groups with their path, is there any way I can filter this? As it's quite a complicated list and difficult to work with, I just need the group names:

CN=SophosAdministrator,CN=Users,DC=xx,DC=ac,DC=uk, CN=SMS,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=Questionnaire,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=ART,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=IT Techie Level 1,CN=Users,DC=xx,DC=ac,DC=uk, CN=WEBMODS,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=LESSON_OBS,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=STAFF_GROUP,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=webtest,CN=Users,DC=xx,DC=ac,DC=uk, CN=web updaters,CN=Users,DC=xx,DC=ac,DC=uk, CN=Account Operators,CN=Builtin,DC=xx,DC=ac,DC=uk, CN=webmaster,CN=Users,DC=xx,DC=ac,DC=uk, CN=Administrators,CN=Builtin,DC=xx,DC=ac,DC=uk, CN=Domain Admins,CN=Users,DC=xx,DC=ac,DC=uk

New Here, Jul 24, 2007

Try filtering just by the container (cn) or organization unit (ou)...not the entire memberOf attribute. Thanks.

Chris

Explorer, Jul 30, 2007

First, in case you haven't figured out the first problem, use CFDUMP. Also, make sure you are using a fully-qualified user account name such as "domain\username" or "username@domain.com" in your CFLDAP query.

Second, in your CFLDAP query, you need to specify a SEPARATOR attribute of a non-comma character. You can usually get by with a pipe "|" character. That will return a list of pipe-separated group distinguishedNames.

You can then loop over that list of group DNs using the pipe as the list separator. Each iteration of the loop will give you the list DN with its own parts separated by commas. Use the ListFirst() function to get the group name including the leading "CN=" characters. You can then remove the "CN=" characters using several methods.

M!ke
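
The loop described in the answer above, written out as an added example (not code posted by anyone in this thread). The `groupNameFromDN` helper, the variable names and the sample `memberOfList` are assumptions made for illustration; the helper uses a regular expression instead of `ListFirst()` so that a group name containing an escaped comma is not cut short.

```cfml
<!--- Added example, not code from the thread. memberOfList is constructed sample
      data in the shape CFLDAP returns for memberOf when separator="|" is set. --->
<cfset memberOfList = "CN=STAFF_GROUP,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk"
    & "|CN=Domain Admins,CN=Users,DC=xx,DC=ac,DC=uk"
    & "|CN=Exams\, Summer,OU=Groups,DC=xx,DC=ac,DC=uk">

<!--- Hypothetical helper: return the group name held in the first RDN of a DN. --->
<cffunction name="groupNameFromDN" returntype="string" output="false">
    <cfargument name="dn" type="string" required="true">
    <cfset var s = Trim(arguments.dn)>
    <!--- Match "CN=" then everything up to the first comma that is NOT escaped
          with a backslash; ListFirst() would cut "Exams\, Summer" at its comma. --->
    <cfset var m = REFindNoCase("^CN=((\\.|[^,\\])+)", s, 1, true)>
    <cfif m.pos[1] EQ 0>
        <!--- Not a CN-first DN: return an empty string so the caller can skip it. --->
        <cfreturn "">
    </cfif>
    <!--- pos[2]/len[2] describe the first parenthesised group, i.e. the RDN value.
          Strip the backslash from escaped special characters such as "\,". --->
    <cfreturn REReplace(Mid(s, m.pos[2], m.len[2]), "\\([,+""\\<>;=## ])", "\1", "all")>
</cffunction>

<!--- Walk the pipe-separated list of group DNs and collect the plain names. --->
<cfset groupNames = ArrayNew(1)>
<cfloop list="#memberOfList#" index="groupDN" delimiters="|">
    <cfset groupName = groupNameFromDN(groupDN)>
    <cfif Len(groupName)>
        <cfset ArrayAppend(groupNames, groupName)>
    </cfif>
</cfloop>

<cfdump var="#groupNames#">
```

The extracted names suit display. For an access decision, compare the full group DN instead, because a CN is only unique within its own container and two groups in different OUs can share a name.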
