10 Replies Latest reply on Jun 2, 2009 3:00 PM by weggers

    Login Wizard and LDAP

    Manweevil
      I tried creating a login page that will authenticate users against their Active Directory accounts. It verifies when I run the wizard, but when it's finished it says "Your login information is not valid. Please Try again", and after 3 tries it just goes to a blank page. Has anyone seen this before, and do I need to do anything to get it to work with Active Directory?
        • 1. Re: Login Wizard and LDAP
          shujaatsyed7 Level 1

          Hello

          I assume you have used the LDAP Login wizard of Dreamweaver. I need help regarding LDAP authentication since I am not sure about the starting string syntax. Also, can I verify the LDAP connection with any userID/password?

          Please, if you can help me, I would really appreciate it.

          Let's suppose my company name is disney.world.com and the server name is LDAP.disney.world.com. What syntax should I use for LDAP in the login wizard?

          • 2. Re: Login Wizard and LDAP
            weggers

            Hello,

            I just created a login authentication page using Active Directory authentication.

            Here is an example of the CFLDAP part. It works great for me.

            This would go in your action page.

            <cfset count='1'>

            <cfif #count# gt 0>
                <cftry>
                    <cfldap action="QUERY"
                        name="AuthenticateUser"
                        attributes="samaccountname,dn,mail,description,physicalDeliveryOfficeName"
                        start="dc=Paris,dc=Disneyworld"
                        maxrows="1"
                        scope="subtree"
                        filter="(&(objectclass=user)(samaccountname=#form.username#))"
                        server="servername.paris.disneyworld"
                        username="#form.username#"
                        password="#form.password#">

                    <!--- the query has no "username" column; read back the samaccountname attribute that was requested --->
                    <cfset LoginMessage = "User #AuthenticateUser.samaccountname# is logged in">

                    <cfcatch type="any">
                        <cfset LoginMessage = "User Authentication Failed">
                    </cfcatch>
                </cftry>
            <cfelse>
                <cfset LoginMessage = "Username not found">
            </cfif>

            <cfoutput>#LoginMessage#</cfoutput>

            • 3. Re: Login Wizard and LDAP
              shujaatsyed7 Level 1

              Hello!!

              Thanks a lot for your reply. I am hard coding the values; my only question is what "samaccountname" you are referring to? Also, I am getting this message...

              Exceptions

              13:13:54.054 - Application Exception - in D:\Inetpub\wwwroot\LDAP\ldap.cfm : line 25
              Authentication failed:[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, 
              comment: AcceptSecurityContext error, data 525, vece ]

              Line 25 is my hardcoded password for testing purposes. Does that mean it is communicating with the LDAP server but not able to authenticate my password/userID?

              I will really appreciate your help if you can help me sort out this issue.

              • 4. Re: Login Wizard and LDAP
                weggers Level 1

                No worries,

                The samaccountname is really for old NT 4 logon purposes; it refers to your domain login account name, e.g. donald.duck@disney.com. It is still applicable for Windows 2000 / 2003 environments.

                So try hardcoding your samaccountname as well as your password and test again.

                Yes, the error message does appear to mean you are communicating but not authenticating.

                Try googling for "AD LDAP attributes"; you will find useful info on all the attributes you can use in cfldap. 

                • 5. Re: Login Wizard and LDAP
                  shujaatsyed7 Level 1

                  Hello

                  Thanks a lot for your help. I believe that I am able to communicate with the LDAP server but not able to authenticate users.

                  I have swapped several attributes but no results. Please, if you can have a look at my code and see if I am missing anything which is preventing me from LDAP authentication.

                  I am not using any form and am hardcoding values for username and password.

                   

                   

                  <cfset count='1'>
                  <cfif #count# gt 0>
                      <cftry>
                          <cfldap action="QUERY"
                              name="AuthenticateUser"
                              attributes="samaccountname=SMehboob,mail=SMehboob@disneyworld.com,description='GGC\disney (RM126351)',physicalDeliveryOfficeName= NY - Disney World"
                              start="DC=Disney,DC=World,DC=com"
                              maxrows="1"
                              scope="subtree"
                              filter="(&(objectclass=user)(samaccountname=#username#))"
                              server="ldap.Disney.World.com"
                              username="#username#"
                              password="#password#">

                          <cfset LoginMessage = "User #AuthenticateUser.samaccountname# is logged in">

                          <cfcatch type="any">
                              <cfset LoginMessage = "User Authentication Failed">
                          </cfcatch>
                      </cftry>
                  <cfelse>
                      <cfset LoginMessage = "Username not found">
                  </cfif>

                  • 6. Re: Login Wizard and LDAP
                    weggers Level 1

                    Your "attributes" attribute is wrong. You can't put any values there.

                    All you need to do is add the names of the attributes. CFLDAP will then return the values of the Active Directory attributes for you.

                    Try keeping it simple and only use the "samaccountname" attribute:

                    attributes="samaccountname" (this is exactly how yours should look)

                    Everything else looks good. Let me know how you get on.

                    • 7. Re: Login Wizard and LDAP
                      weggers Level 1

                      It is a good idea, I think, while testing, to hard code the username and password.

                      This is what your code should look like. Once you know it works, replace the samaccountname in the filter attribute, the username and the password with variables.

                       

                      <cfset count='1'>

                      <cfif #count# gt 0>
                          <cftry>
                              <cfldap action="QUERY"
                                  name="AuthenticateUser"
                                  attributes="samaccountname"
                                  start="DC=Disney,DC=World,DC=com"
                                  maxrows="1"
                                  scope="subtree" 
                                  filter="(&(objectclass=user)(samaccountname=donald.duck@disney.com))"
                                  server="ldap.Disney.World.com"
                                  username="donald.duck@disney.com"
                                  password="Iamaduck123">

                              <!--- read back the samaccountname column the query requested --->
                              <cfset LoginMessage = "User #AuthenticateUser.samaccountname# is logged in">

                              <cfcatch type="any">
                                  <cfset LoginMessage = "User Authentication Failed">
                              </cfcatch>
                          </cftry>
                      <cfelse>
                          <cfset LoginMessage = "Username not found">
                      </cfif>


                      • 8. Re: Login Wizard and LDAP
                        shujaatsyed7 Level 1

                        Hello

                        I really appreciate your help; it has really helped me a lot. I am stuck now at this error message when trying to authenticate user/password.

                         

                        ****************************************************************************************** ****************************************************************************************** *****************************************************

                        Exceptions

                         

                        15:32:26.026 - Application Exception - in D:\Inetpub\wwwroot\ProdTech\LDAP.cfm : line 19 (It is a line which contain hardcode password)
                                 Authentication failed:[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]

                         

                        ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++

                        <cfldap action="QUERY"
                                    name="AuthenticateUser"
                                    <--- I have also tried using different LDAP attributes like cn, UserPrincipalName and so forth, but am still getting AcceptSecurityContext error, data 525. I have contacted my LDAP admin and he has no idea why this issue is occurring. I can see all users in LDAP and am trying to authenticate each one of them, but still the same error. 

                         

                        LDAP.cfm

                         

                                attributes="samaccountname"

                                    start="DC=Disney,DC=World,DC=com"

                                    maxrows="1"

                                    scope="subtree" 

                                    filter="(&(objectclass=user)(samaccountname=donald.duck@disney.com))"         

                                    server="ldap.Disney.World.com"

                         

                                    username=donald.duck@disney.com

                           LINE 19:::>>>    password="Iamaduck123">

                         

                         

                         

                        I am really sorry to bother you and I deeply appreciate your time and knowledge.

                        • 9. It worked: Login Wizard and LDAP
                          shujaatsyed7 Level 1

                          Hello

                          Thanks a lot for your help. It worked by correcting 2 things in my LDAP hard coded page, since I was putting

                          1- Userid=smehboob alone; however, it is looking for a full domain like UserId=smehboob@disney.world.com

                          Now the tricky part is how to attach the users' input to Disney.world.com so that it can be passed to LDAP for verification, since I do not want users to put their full Userid=userid.disney.world.com. Any suggestions!

                          2- I have also changed attributes to

                               attributes="userPrincipalName,Username,Password"

                          Since these are the three things I am taking as inputs. So my understanding is that we should match our inputs with attributes, otherwise there will be a mismatch and it will give us the Authentication Failed message.

                          • 10. Re: It worked: Login Wizard and LDAP
                            weggers Level 1

                            1. I would make the user id a variable in the LDAP query but hard code the DNS bit:

                            username=#form.userid#.disney.world.com

                            That's how I do it and I hope that's what you meant.

                            I'm not sure if it will work for a user id with a user@disneyworld.com account.

                            If it doesn't, then you should be able to solve it with some conditional code, I would have thought.

                            2. Yeah, that sounds better than the way I do it. I only use the samaccountname rather than the userPrincipalName because of pre-Windows 2000 logins.
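Putting the thread's pieces together as one added example (this is not code from any of the posts above): reply 2's action page interpolates the submitted username straight into the cfldap filter, reply 10 joins a bare user id to a hard-coded domain, and replies 3 and 8 show the "error code 49 ... data 525" message. The page below validates the bare user id, escapes the RFC 4515 filter metacharacters before the value reaches the filter, builds the user@domain (UPN) bind name that reply 9 found the directory wanted, checks that the query actually returned a row, and returns one generic message to the browser while the AD sub-code goes to the server log. It assumes a form field named userid (not in the original posts), that the directory accepts UPN binds, and the thread's placeholder server, base DN and domain; the function names escapeLdapFilterValue and adBindSubcode, the sub-code table and the log file name are my own.

```cfml
<!--- Added example, not code from the thread. Assumptions (constructed): the login form posts
      "userid" and "password"; the server, base DN and domain suffix are the thread's placeholders;
      the directory accepts a user@domain (UPN) bind as in reply 9. --->
<cfset domainSuffix = "disney.world.com">
<cfset ldapServer   = "ldap.Disney.World.com">
<cfset searchBase   = "DC=Disney,DC=World,DC=com">
<cfset genericFail  = "Your login information is not valid. Please try again.">

<!--- Escape the characters RFC 4515 reserves in search filters so a submitted value
      cannot alter the filter (LDAP filter injection). Backslash must be handled first. --->
<cffunction name="escapeLdapFilterValue" returntype="string" output="false">
    <cfargument name="value" type="string" required="true">
    <cfset var out = replace(arguments.value, "\", "\5c", "all")>
    <cfset out = replace(out, "*", "\2a", "all")>
    <cfset out = replace(out, "(", "\28", "all")>
    <cfset out = replace(out, ")", "\29", "all")>
    <cfset out = replace(out, chr(0), "\00", "all")>
    <cfreturn out>
</cffunction>

<!--- Pull the three-hex-digit "data NNN" sub-code out of an AD error 49 message
      (the thread's messages carry "data 525"). Returns "" when there is none. --->
<cffunction name="adBindSubcode" returntype="string" output="false">
    <cfargument name="message" type="string" required="true">
    <cfset var m = reFindNoCase("data ([0-9a-f]{3})", arguments.message, 1, true)>
    <cfif arrayLen(m.len) ge 2 and m.len[2] gt 0>
        <cfreturn lCase(mid(arguments.message, m.pos[2], m.len[2]))>
    </cfif>
    <cfreturn "">
</cffunction>

<!--- Meaning of the common AD sub-codes, for the server log only; the user never sees these. --->
<cfset adSubcodeReason = structNew()>
<cfset adSubcodeReason["525"] = "user not found">
<cfset adSubcodeReason["52e"] = "invalid credentials">
<cfset adSubcodeReason["530"] = "logon not permitted at this time">
<cfset adSubcodeReason["532"] = "password expired">
<cfset adSubcodeReason["533"] = "account disabled">
<cfset adSubcodeReason["701"] = "account expired">
<cfset adSubcodeReason["773"] = "user must reset password">
<cfset adSubcodeReason["775"] = "account locked out">

<!--- Accept only a bare account name (letters, digits, dot, underscore, hyphen). An "@",
      a backslash or a filter metacharacter is rejected before anything reaches the directory. --->
<cfparam name="form.userid" default="">
<cfparam name="form.password" default="">
<cfset userId = trim(form.userid)>

<cfif not reFind("^[A-Za-z0-9._-]{1,64}$", userId) or not len(form.password)>
    <cfset loginMessage = genericFail>
<cfelse>
    <!--- Bare id joined to the hard-coded domain (reply 10), in the UPN form reply 9 needed. --->
    <cfset bindName = userId & "@" & domainSuffix>
    <cftry>
        <cfldap action="QUERY"
            name="authenticateUser"
            attributes="samaccountname,userPrincipalName,mail"
            start="#searchBase#"
            scope="subtree"
            maxrows="1"
            filter="(&(objectclass=user)(userPrincipalName=#escapeLdapFilterValue(bindName)#))"
            server="#ldapServer#"
            username="#bindName#"
            password="#form.password#">
        <cfif authenticateUser.recordCount eq 1>
            <!--- htmlEditFormat so a directory attribute cannot inject markup into the page --->
            <cfset loginMessage = "User #htmlEditFormat(authenticateUser.samaccountname)# is logged in">
        <cfelse>
            <!--- Bind succeeded but the filter matched nothing: treat as a failure, not a login. --->
            <cfset loginMessage = genericFail>
        </cfif>
        <cfcatch type="any">
            <!--- One generic message for every failure; the reason goes to the server log only. --->
            <cfset loginMessage = genericFail>
            <cfset subcode = adBindSubcode(cfcatch.message & " " & cfcatch.detail)>
            <cfset reason = "unknown">
            <cfif structKeyExists(adSubcodeReason, subcode)>
                <cfset reason = adSubcodeReason[subcode]>
            </cfif>
            <cflog file="ldap-auth" type="warning"
                   text="Bind failed for #userId#: subcode=#subcode# (#reason#)">
        </cfcatch>
    </cftry>
</cfif>

<cfoutput>#loginMessage#</cfoutput>
```

With the "data 525" messages quoted in replies 3 and 8, adBindSubcode returns "525" and the log line reads "user not found", which matches what reply 9 discovered: the bare id was not a valid bind name and the UPN form was. The browser always gets the same generic sentence, so a failed attempt does not reveal whether the account exists, is locked or has a wrong password; that distinction lives only in the server log where the operator can read it.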