6 Replies Latest reply on Oct 8, 2009 6:38 AM by ljk123

    Element RECORDCOUNT is undefined in USERLOOKUP

    ljk123

      Hello!

      I am trying to integrate LDAP authentication with a CF8 application.  My index.cfm file posts to my ldap.cfm file, and when the username and password are entered into the form I get the error: Element RECORDCOUNT in undefined in USERLOOKUP.

       

      Here is my ldap.cfm file (I have sanitized the server and start so I don't post any senstive infomation):

       

      cfparam name="user_id" default="#form.username#">
      <cfparam name="username" default="#form.username#">
      <cfparam name="passwd" default="#form.passwd#">
      <cfparam name="error" default="NO ERRORS">
      <cfparam name="firstName" default="">
      <cfparam name="lastName" default="">
      <cfparam name="defaultErrorMsg" default="There was a problem with your username/password.">
      <!--- use generic message to complicate hacking --->

      <!---  query ldap to see if the user exists --->


      <cftry>
      <cfldap name="userLookup"
            action="query"
        scope="subtree"
        server="ldap.edu"
        port="389"
        attributes="uid,dn,cn,sn"
               referral="0"
        filter="(&(uid=#username#))"
        start="cn=group,ou=Groups,dc=edu" />
      <cfcatch type="any">
        <cfset error = defaultErrorMsg>
      </cfcatch>
      </cftry>

      <!---  if a single row is returned, bind to authenticate --->


      <cfif #userLookup.recordcount# EQ 1 >
      <cftry>
        <cfldap name="userBind"
         action="query"
                scope="subtree"
         server="ldap.edu"
         port="389"
         username="#userLookup.dn#"
         password="#passwd#"
         attributes="dn"
         filter="(objectClass=*)"
         referral="0"
         start="#userLookup.dn#" />
            <cfcatch type="any">
         <cfset error = defaultErrorMsg>
            </cfcatch>
         </cftry>
      <cfset firstName = LEFT( Mid( userLookup.cn, 1, FindOneOf( " ", userLookup.cn ) ), 20 )>
      <cfset lastName = LEFT( userLookup.sn, 30 )>

      <cfelse>
      <cfset error = defaultErrorMsg>
      </cfif>

       

      Can anyone help me get past this error?  If more information is needed, please provide an email address that I can use to respond.  Thank you for your time.

        • 1. Re: Element RECORDCOUNT is undefined in USERLOOKUP
          ilssac Level 5

          Check what is being returned by your <cfldap...> call.

           

          I suspect your ldap call is failing, and the logic is going through the <cfcatch...> block of your code.  But that block doesn't do anything but set a variable.

           

          Then your code tries to execute a comparison on data that will  only exist if the <cfldap...> call is sucessful.

          • 2. Re: Element RECORDCOUNT is undefined in USERLOOKUP
            ljk123 Level 1

            Thank you for your suggestion, Ian.  I placed <cfdump var="cfcatch#> between the <cfcatch></cfcatch> tags but didn't get any further information.  Is there another way to do it?

            • 3. Re: Element RECORDCOUNT is undefined in USERLOOKUP
              ilssac Level 5

              No, if there was anything to catch that would be showing it.

               

              Also put a <cfdump var="#userLookup#"> right after the <cfldap...> tag to see what it is returning if anything.

               

              I would aslo put a <cfabort.> there just to stop any futher processing until I knew what is happening.

              • 4. Re: Element RECORDCOUNT is undefined in USERLOOKUP
                ljk123 Level 1

                That didn't return anything either.  I know the user name and password that

                I am passing through the form is correct.  Is there another way to

                accomplish LDAP authentication or am I on the right track with this?  I have

                been working on this for over 3 weeks, and haven't made any progress.

                • 5. Re: Element RECORDCOUNT is undefined in USERLOOKUP
                  ilssac Level 5

                  What do you mean "did not return anything"?  Nothing, and empty screen?  Or just something you did not expect?  It should be returning something, an error and empty structure, strange data, something.

                   

                  You seem to be doing what I more or less do.  The only difference I see is that we often use a ColdFusion user which has been given the desired permissions on the Active Directory Ldap server.   But for authentication, we do exactly what you are doing.

                   

                          <cfldap action="query"
                              server="#variables.ldapConfig.server#"
                              name="qUser"
                              start="#variables.ldapConfig.start#"
                              filter="samaccountname=#getProperty('samaccountname')#"
                              username="#variables.ldapConfig.domain#\#getProperty('samaccountname')#"
                              password="#arguments.password#"
                              attributes = "#variables.ldapConfig.attributes#">
                              
                              <cfcatch type="application">
                                  <!--- If Authentication failed message is returned, return false --->
                                  <cfif uCase(listFirst(cfcatch.Message,":")) EQ "AUTHENTICATION FAILED">
                                      <cfset returnValue = false>
                                  <cfelse>
                                  <!--- Else rethrow any other type of exception --->
                                      <cfrethrow>
                                  </cfif>
                              </cfcatch>
                          </cftry>

                   

                  I did just notice that we use a domain\username in the username property not just the username.

                  • 6. Re: Element RECORDCOUNT is undefined in USERLOOKUP
                    ljk123 Level 1

                    Thank you for the tips.  The additional <cfcatch> did not return any different information.  I am still getting the element RECORDCOUNT is undefined in USERLOOKUP error with 500 - Internal server error: There is a problem with the resource you are looking for, and it cannot be displayed.

                     

                    If you think the code I provided looks ok, then I will take a look at some of the other files to see if they are causing the error.  The ldap.cfm posts to the login_action.cfm so maybe there is something in that one that is causing the problem?