0 Replies Latest reply on Jun 23, 2006 1:36 PM by Newsgroup_User

    Re: CFLDAP missing attribute or security error

    Level 7
      ok, I found it... re-use of the vaiable username... : -)

      Damn ambiguous error messages.

      Thanks to Ian for taking a look.

      D.

      dnagel wrote:
      > I'm having a bit of trouble getting the CFLDAP Modify query to execute
      > after
      > I tied it into the CFLOOPed query... When I ran it with my own users
      > DN it
      > worked great... it does not work with any other DN. My account has
      > Domain
      > Adminis on this sandboxed server and is capable of making the change
      > by hand
      > using the AD tools inside of MMC... Any suggestions? Thanks,
      >
      > D.
      >
      >
      >
      > <cfset servername = "AD.TESTSITE.com">
      > <cfset username = "DNagel@TESTSITE.com">
      > <cfset password = "PASSWORD">
      > <cfset domain = "TESTSITE">
      > <cfset OU = "ou=Granite">
      >
      > <cfoutput>
      >
      > <CFSet GroupName="TestDistribution">
      > <CFSet GroupDN = "cn=#GroupName#,cn=Users,dc=#domain#,dc=com">
      >
      > <CFQuery name="Users" datasource="GCI_Workforce">
      > Select cast (WBAN8 as varchar(10)) as WBAN8, wbemal from
      > WTWDSECPJ1 where WBEXEMPT ='Y'
      > </CFQuery>
      >
      > <cfldap
      > action="query"
      > server = "#servername#"
      > username = "#username#"
      > password = "#password#"
      > start = "#OU#,dc=#domain#,dc=com"
      > attributes = "dn,employeeNumber"
      > filter = "employeeNumber=*"
      > name = "adDNLookup"
      > scope = "subtree"
      > >
      >
      > <CFQuery Name="JoinUsers" DBType="Query">
      > Select
      > adDNLookup.DN, adDNLookup.employeeNumber
      > from
      > adDNLookup,
      > Users
      > Where
      > adDNLookup.employeeNumber = Users.wban8
      > </CFQuery>
      >
      >
      > <CFLoop Query="JoinUsers">
      >
      > <CFTry>
      >
      > <!---<CFSet UserDN = "member=cn=Dennis
      > Nagel,CN=Users,DC=TESTSITE,DC=com">--->
      > <CFSet UserDN = "member=#DN#">
      > <CFSet UserName="#employeeNumber#">
      >
      > #UserName# #UserDN#<br>
      > <cfldap
      > action="modify"
      > server = "#servername#"
      > username = "#username#"
      > password = "#password#"
      > modifytype="add"
      > attributes = "#UserDN#"
      > dn="#GroupDN#"
      > separator=";"
      > >
      >
      > <cfoutput>#UserName# has been added to the group
      > (#GroupName#).</cfoutput>
      >
      > <cfcatch type="any">
      > <cfif FindNoCase( "ENTRY_EXISTS", cfcatch.message )>
      > <cfoutput>
      > #UserName# is already assigned to the group
      > (#GroupName#).
      > </cfoutput>
      > <cfelse>
      > <cfoutput>
      > Unknown error : #cfcatch.detail#")
      > </cfoutput>
      > <cfabort>
      > </cfif>
      > </cfcatch>
      >
      > </CFTry>
      >
      > </CFLoop>
      > </cfoutput>
      >
      >
      >
      >
      >
      >
      >
      > heres the trace info...
      >
      > 110028 member=CN=Mary Chalfa, OU=PSP_Indio, OU=PSP, OU=GC_Branches,
      > ou=Granite, dc=TESTSITE, dc=com
      > Unknown error : One or more of the required attributes may be
      > missing/incorrect or you do not have permissions to execute this
      > operation on the server")
      >
      >
      >
      >
      >
      >
      >
      > --------------------------------------------------------------------------------
      > Debugging Information ColdFusion Server Enterprise 6,1,0,63958
      > Template /JDE-AD-Sync/JDE-AD-Groups.cfm
      > Time Stamp 22-Jun-06 12:02 PM
      > Locale English (US)
      > User Agent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1;
      > .NET CLR 1.1.4322; .NET CLR 1.0.3705)
      > Remote IP 127.0.0.1
      > Host Name 127.0.0.1
      >
      >
      >
      >
      > --------------------------------------------------------------------------------
      > Execution Time
      >
      > Total Time Avg Time Count Template
      > 687 ms 687 ms 1 C:\Inetpub\wwwroot\JDE-AD-Sync\JDE-AD-Groups.cfm
      > 0 ms 0 ms 1 C:\Inetpub\wwwroot\JDE-AD-Sync\Application.cfm
      > 0 ms STARTUP, PARSING, COMPILING, LOADING, & SHUTDOWN
      > 687 ms TOTAL EXECUTION TIME
      > red = over 250 ms average execution time
      >
      >
      > --------------------------------------------------------------------------------
      > Exceptions
      >
      > 12:02:45.045 - Application Exception - in
      > C:\Inetpub\wwwroot\JDE-AD-Sync\JDE-AD-Groups.cfm : line 67
      > An error has occured while trying to execute modify :[LDAP:
      > error code 49 - 80090308: LdapErr: DSID-0C090334, comment:
      > AcceptSecurityContext error, data 525, vece].
      >
      >
      >
      > --------------------------------------------------------------------------------
      > SQL Queries
      >
      > Users (Datasource=GCI_Workforce, Time=47ms, Records=2203) in
      > C:\Inetpub\wwwroot\JDE-AD-Sync\JDE-AD-Groups.cfm @ 12:02:44.044
      >
      > Select cast (WBAN8 as varchar(10)) as WBAN8, wbemal from
      > WTWDSECPJ1 where WBEXEMPT ='Y'
      >
      > JoinUsers (Datasource=, Time=16ms, Records=996) in
      > C:\Inetpub\wwwroot\JDE-AD-Sync\JDE-AD-Groups.cfm @ 12:02:45.045
      >
      > Select
      > adDNLookup.DN, adDNLookup.employeeNumber
      > from
      > adDNLookup,
      > Users
      > Where
      > adDNLookup.employeeNumber = Users.wban8
      >
      >
      >
      > --------------------------------------------------------------------------------
      > Scope Variables
      >
      > Application Variables:
      > applicationname=JDE-AD-Sync
      > ds=GCI_WFD
      >
      > CGI Variables:
      > AUTH_PASSWORD=
      > AUTH_TYPE=
      > AUTH_USER=
      > CERT_COOKIE=
      > CERT_FLAGS=
      > CERT_ISSUER=
      > CERT_KEYSIZE=
      > CERT_SECRETKEYSIZE=
      > CERT_SERIALNUMBER=
      > CERT_SERVER_ISSUER=
      > CERT_SERVER_SUBJECT=
      > CERT_SUBJECT=
      > CF_TEMPLATE_PATH=C:\Inetpub\wwwroot\JDE-AD-Sync\JDE-AD-Groups.cfm
      > CONTENT_LENGTH=0
      > CONTENT_TYPE=
      > CONTEXT_PATH=
      > GATEWAY_INTERFACE=CGI/1.1
      > HTTPS=off
      > HTTPS_KEYSIZE=
      > HTTPS_SECRETKEYSIZE=
      > HTTPS_SERVER_ISSUER=
      > HTTPS_SERVER_SUBJECT=
      > HTTP_ACCEPT=*/*
      > HTTP_ACCEPT_ENCODING=gzip, deflate
      > HTTP_ACCEPT_LANGUAGE=en-us
      > HTTP_CONNECTION=Keep-Alive
      > HTTP_COOKIE=JSESSIONID=36301107041151000811062
      > HTTP_HOST=localhost
      > HTTP_REFERER=
      > HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2;
      > SV1; .NET CLR 1.1.4322; .NET CLR 1.0.3705)
      > PATH_INFO=/JDE-AD-Sync/JDE-AD-Groups.cfm
      > PATH_TRANSLATED=c:\inetpub\wwwroot\JDE-AD-Sync\JDE-AD-Groups.cfm
      > QUERY_STRING=
      > REMOTE_ADDR=127.0.0.1
      > REMOTE_HOST=127.0.0.1
      > REMOTE_USER=
      > REQUEST_METHOD=GET
      > SCRIPT_NAME=/JDE-AD-Sync/JDE-AD-Groups.cfm
      > SERVER_NAME=localhost
      > SERVER_PORT=80
      > SERVER_PORT_SECURE=0
      > SERVER_PROTOCOL=HTTP/1.1
      > SERVER_SOFTWARE=Microsoft-IIS/6.0
      > WEB_SERVER_API=
      >
      > Cookie Variables:
      > JSESSIONID=36301107041151000811062
      >
      > Server Variables:
      > COLDFUSION=Struct (8)
      > OS=Struct (5)
      >
      > Session Variables:
      > cfid=831
      > cftoken=54562187
      > sessionid=JDE-AD-SYNC_831_54562187
      > urltoken=CFID=831&CFTOKEN=54562187
      >
      > Debug Rendering Time: 63 ms
      >
      >