0 Replies Latest reply on Dec 13, 2007 8:55 AM by JR "Bob" Dobbs-qSBHQ2

    Use CFLDAP to Determine Groups a User is a Member Of

    JR "Bob" Dobbs-qSBHQ2 Level 3
      I have a website where users login with basic authentication against Windows 2003 Active Directory. The login name, cgi.auth_user is an account user name, sAMAccountName, in active directory.

      The active directory structure has organizational unit "Unit2" as a member of organizational unit "Unit1". The user is a member of one or more groups in Unit2.
      I need to be able to query for the groups that the user is a member of in Unit2. Groups will be added and removed over time so I do not have a static list of groups to query against.


      The following cfldap query returns the desired results however I need a filter value where I can pass the users login (sAMAccountName) instead of the fully quailified member name.
      <cfldap action="query" name="membersData" attributes="name" filter="member=CN=Joe Smith,OU=Unit2,DC=mydomain,DC=com" start="ou=Unit2,ou=Unit1,dc=mydomain,dc=com" server="#servername#" username="#ldapuid#" password="#ldappwd#" separator=";" />



      I would like to be able to use something like:
      <cfldap action="query" name="membersData" attributes="name" filter="member=sAMAccountName=#cgi.auth_user#" start="ou=Unit2,ou=Unit1,dc=mydomain,dc=com" server="#servername#" username="#ldapuid#" password="#ldappwd#" separator=";" />


      What can I use for the filter attribute that will return groups in Unit2 for which cgi.auth_user is a member?

      I am using CF7 on Windows 2003.