I am in the process of upgrading from Coldfusion 9 to Coldfusion 11. My site relies heavily on interaction with Ldap for a variety of permissions assignments. The following code works in CF9, but CF 11 returns an error related to the filter: Attribute validation error for tag CFLDAP.
This is the query:
<cfldap username="myuser@mydomain" password="mypassword" action="query" server="DCNAME" name="UserLevelGroups"
attributes="samaccountname, dn, memberof, directReports, manager, mail" start="dc=vno,dc=mydomain,dc=local" scope="subtree" filter="(&(objectclass=user)(!(|(name=*Service*)(name=*she*)(name=*vho*))(mail=*)))">
The filter works as expected in CF9 and when I run the filter segment manually in active directory administrative center. This is the 64-bit Coldfusion, running on Windows Server 2012 R2. The username and password are identical - the code was literally copied from the version 9 to version 11 installs.
I can run the objectclass filter or any of the name= or mail= filters independently, and they work. The problem seems to in combining them.
The query should be getting users that do not have names containing service, she, or vho, and that have a value filled in for mail. - Just in case I've got the filter screwed up somehow - but as it's written, it functions and returns the expected results in version 9.
If anyone has any suggestions on how to make this query filter work, I would really appreciate it.