2 Replies Latest reply on Jun 1, 2007 7:06 AM by Newsgroup_User

    Getting user roles from Active Directory

    P.B.T.
      On my company's intranet, we have IIS configured so that it uses integrated Windows authentication. What I want to do is get a list of groups the currently logged-in user belongs to.

      I have looked at cfNTauthenticate, but for that to work, you need the user to provide their Windows password within the web application and I do not want them to have to do this - I just want to grant or deny access based on the currently logged-on user and a specific set of groups.

      Any ideas....?
      Thanks, Paul.
        • 1. Re: Getting user roles from Active Directory
          P.B.T. Level 1
          Does anyone have any idea about how to achieve this?

          Any help at all would be gratefully received...

          Thanks, Paul.
          • 2. Re: Getting user roles from Active Directory
            Level 7
            P.B.T. wrote:
            > On my company's intranet, we have IIS configured so that it uses integrated
            > Windows authentication. What I want to do is get a list of groups the
            > currently logged-in user belongs to.
            >
            > I have looked at cfNTauthenticate, but for that to work, you need to
            > provide the user's Windows password within the web application and I do not want
            > users to have to enter a password - I just want to grant or deny access based on
            > the currently logged-on user and a specific set of groups?
            >
            > Any ideas....?
            > Thanks, Paul.
            >

            If you have integrated Windows authentication turned on AND anonymous
            access turned off, cgi.auth_user will be populated with the domain\userID
            of the user logged into the client accessing the web resource. You can
            use this value in a <cfldap ...> call to get the user's data from Active
            Directory.

            Here is how we do it on our intranet.

            <!--- samAccountName holds the account name without the domain, so
                  arguments.userid must be the part of cgi.auth_user after the backslash --->
            <cfldap
                name="Entity" username="xxx" password="xxx"
                server="xxx"
                action="query"
                attributes="displayname,mail,sn,cn,givenName,memberOf,..."
                scope="subtree" start="DC=smfbc,DC=org"
                filter="(&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=smfbc,DC=org)(samAccountName=#arguments.userid#))">