2 Replies Latest reply on Jul 7, 2010 11:54 AM by Gary1

    Need Help With Capturing EDirectory/IChain User Info

    Gary1 Level 1

      After 8 years, we were finally able to get our production ColdFusion MX7 server, working with the company's EDirectory server.  EDirectory now authenticates users, based on their job title, job class, job group, etc.  We provided our IS (Information Security) department with the job codes and report names, directories, etc., that each employee (job code) can access.  Previously, we used "passwords" to limit access to more confidential reports to select management employees.


      There are only a few CF servers in our company, so the IS (Information Security) department is not familiar with how to use ColdFusion to "capture" user information that they say is being passed "back" to the CF server, after each user's query/report request.   IS says about a dozen variables are being passed in the header, back to the CF server, including EMPLOYEE NAME, LOCATION, etc.


      I'm trying to figure out how to capture that info, and use it to greet the user "by name" when they connect to our CF report server. And to also maintain a log file of which locations and employees are accessing our web reports.  Today, we use the SQL Server logs, which only contain the IP address and URL information "sent" (not returned), to know how often certain reports are being requested.  But we don't know by who, or by which locations.


      One person in IS recommended using CFHTTP, and I've tried it, but don't seem to be able to pull the variables off the header.  I thought using CFLDAP might work, but doesn't.  If anyone is in a similar situation, and knows how best to pull this info from the header info coming from EDirectory, I would apppreciate some advice.  Just knowing if CFLDAP or CFHTTP will work, or if something else is required.  Just trying to get on the right footing, at the moment.  Thank you,



        • 1. Re: Need Help With Capturing EDirectory/IChain User Info
          Dan Bracuk Level 5

          Does cgi.auth_user return anything useful?

          • 2. Re: Need Help With Capturing EDirectory/IChain User Info
            Gary1 Level 1

            Thanks for the reply.  I was actually hoping the I-Chain/EDirectory variables would be available as CGI variables.  Here are some of the CGI variables I tried to retrieve from the header.  As you can see, only two contained values.  There must be some other way to obtain these.  I'd played around with CFLDAP, CFHTTP, etc.  No such luck.  But as mentioned, the IS dept says the values I'm looking for (UserID, Name, Location, etc.) are all being sent in every header (every response from the server).  Am just not sure which CF tags/tools to use to capture them.  Maybe it requires some special script.  I tried a few of those found in the CF7 on-line help, but no luck in getting the scripts to run.  If any other thoughts or suggestions, they would be much appreciated.  Thanks again, Gary1.


            <CFSET ValidSource1 = CGI.QUERY_STRING>
            <CFSET ValidSource2 = CGI.HTTP_REFERER>
            <CFSET ValidSource3 = CGI.REMOTE_USER>
            <CFSET ValidSource4 = CGI.REMOTE_ADDR>
            <CFSET ValidSource5 = CGI.AUTH_USER>
            <CFSET ValidSource6 = CGI.REMOTE_USER>
            <CFSET ValidSource7 = CGI.SERVER_NAME>

            ValidSource1 =
            ValidSource2 =
            ValidSource3 =
            ValidSource4 =
            ValidSource5 =
            ValidSource6 =
            ValidSource7 = aometrics.xxx.com