8 Replies Latest reply on Jul 30, 2007 5:36 PM by Michael

    CLDAP - Windows 2003 DC

    Mattastic
      Hi Guys,

      Can anyone help me with this? I'm having terrible problems trying to get this to work, and I can't find any decent tutorials on the web.

      I keep getting the 'Inappropriate authentication' error message, which isn't very helpful, every time I try and query my LDAP server. We're using the Windows 2003 DC, would this cause problems?

      Here is my code:

      <cfldap
      action="QUERY"
      name="getinfo"
      attributes="cn, displayname, memberof"
      start="CN=Users,DC=halesowen,DC=ac,DC=uk"
      scope="subtree"
      separator="|"
      server="xxx.halesowen.ac.uk"
      username="xxxx"
      password="xxxx"
      filter="(&(objectclass=user)(samaccountname=#UserName#)(memberof=CN=STAFF_GROUP,OU=Intranet Groups,DC=halesowen,DC=ac,DC=uk))">
        • 1. Re: CLDAP - Windows 2003 DC
          cgsj_usa@yahoo.com Level 1
          Your syntax looks correct. So, are you sure that the username and password are correct for accessing that functionality/server? That's what I came across when I first attempted using the cfldap tag.

          I hope that this helps.

          Thanks...Chris
          • 2. Re: CLDAP - Windows 2003 DC
            Mattastic Level 1
            Thanks for your reply.

            I'm not getting any errors, just a blank page. Do you know if there is some sort of extra security with Windows 2003?
            • 3. Re: CLDAP - Windows 2003 DC
              cgsj_usa@yahoo.com Level 1
              Try getting rid of the "memberof" filter. There's no need, since samAccountName should be unique. See if that works. Thanks.

              Chris
              • 4. Re: CLDAP - Windows 2003 DC
                Mattastic Level 1
                Thanks again for your help

                Still no luck, although I don't get an error message, just a blank page.
                • 5. Re: CLDAP - Windows 2003 DC
                  cgsj_usa@yahoo.com Level 1
                  Try encapsulating it with cftry/cfcatch tags and see if that gives you some clues. You can then output the errors, if there are any, using cfcatch.message, cfcatch.details, etc. Also, maybe there's no one with that samAccountName attribute. Where is "username" being defined? Try stripping away the multiple filter requirements. Just use one filter right now - output all users or just one user, but not one user in the user objectclass. Thanks.

                  Chris
                  • 6. Re: CLDAP - Windows 2003 DC
                    Mattastic Level 1
                    Hi Chris,

                    I've nearly got this working now. Just one more question: the memberof attribute gives the groups with their path. Is there any way I can filter this? As it's quite a complicated list and difficult to work with, I just need the group names:

                    CN=SophosAdministrator,CN=Users,DC=xx,DC=ac,DC=uk, CN=SMS,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=Questionnaire,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=ART,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=IT Techie Level 1,CN=Users,DC=xx,DC=ac,DC=uk, CN=WEBMODS,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=LESSON_OBS,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=STAFF_GROUP,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk, CN=webtest,CN=Users,DC=xx,DC=ac,DC=uk, CN=web updaters,CN=Users,DC=xx,DC=ac,DC=uk, CN=Account Operators,CN=Builtin,DC=xx,DC=ac,DC=uk, CN=webmaster,CN=Users,DC=xx,DC=ac,DC=uk, CN=Administrators,CN=Builtin,DC=xx,DC=ac,DC=uk, CN=Domain Admins,CN=Users,DC=xx,DC=ac,DC=uk

                    • 7. Re: CLDAP - Windows 2003 DC
                      cgsj_usa@yahoo.com Level 1
                      Try filtering just by the container (cn) or organization unit (ou)...not the entire memberOf attribute. Thanks.

                      Chris
                      • 8. Re: CLDAP - Windows 2003 DC
                        Michael Level 1
                        First, in case you haven't figured out the first problem, use CFDUMP. Also, make sure you are using a fully-qualified user account name such as "domain\username" or "username@domain.com" in your CFLDAP query.

                        Second, in your CFLDAP query, you need to specify a SEPARATOR attribute of a non-comma character. You can usually get by with a pipe "|" character. That will return a list of pipe-separated group distinguishedNames.

                        You can then loop over that list of group DNs using the pipe as the list separator. Each iteration of the loop will give you the list DN with its own parts separated by commas. Use the ListFirst() function to get the group name including the leading "CN=" characters. You can then remove the "CN=" characters using several methods.

                        M!ke
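
The approach described in reply 8, as an added example that is not part of the original thread or any poster's code. The sample memberOf string is constructed from the DNs posted in reply 6, and the variable names (memberOf, groupNames, requiredDN, isStaff) are hypothetical. It also shows the access check done against the full group DN rather than the short name.

```cfml
<!--- Constructed sample of getinfo.memberof as returned with separator="|";
      the DNs are taken from the list posted in reply 6. --->
<cfset memberOf = "CN=STAFF_GROUP,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk"
    & "|CN=IT Techie Level 1,CN=Users,DC=xx,DC=ac,DC=uk"
    & "|CN=Domain Admins,CN=Users,DC=xx,DC=ac,DC=uk">

<!--- Display names: first RDN of each DN with the leading "CN=" removed.
      A CN containing an escaped comma ("\,") would be cut short by ListFirst;
      the full-DN comparison further down is not affected by that. --->
<cfset groupNames = ArrayNew(1)>
<cfloop list="#memberOf#" index="groupDN" delimiters="|">
    <cfset firstRDN = Trim(ListFirst(groupDN, ","))>
    <cfif Left(firstRDN, 3) EQ "CN=">
        <cfset ArrayAppend(groupNames, RemoveChars(firstRDN, 1, 3))>
    </cfif>
</cfloop>

<!--- Access decision: match the whole DN, not the short name, so that a group
      called STAFF_GROUP in some other container does not count. --->
<cfset requiredDN = "CN=STAFF_GROUP,OU=Intranet Groups,OU=Groups,DC=xx,DC=ac,DC=uk">
<cfset isStaff = ListFindNoCase(memberOf, requiredDN, "|") GT 0>

<cfoutput>
<ul>
<cfloop from="1" to="#ArrayLen(groupNames)#" index="i">
    <!--- Encode directory values before writing them into the page. --->
    <li>#HTMLEditFormat(groupNames[i])#</li>
</cfloop>
</ul>
Staff access: #YesNoFormat(isStaff)#
</cfoutput>
```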