Inspiring
November 18, 2019
Question

How to use LDAP to authenticate?

  • November 18, 2019
  • 1 reply
  • 2420 views

Hi,

I am using ColdFusion 2018 and an Oracle 12c Database.

I would like to use LDAP to authenticate my users. As of now the users are authenticated by their usernames in an Oracle database; upon logging in, their roles are checked to see if they have an adequate role, and then different screens are made available to them depending on their roles. I would like to do the same, but with an LDAP authentication method. How can I do this?

 

Regards

IQ

This topic has been closed for replies.

1 reply

Known Participant
November 18, 2019

Any updates for me?

Charlie Arehart
Community Expert
November 18, 2019

IQ, to be clear, this is not a forum where you should EXPECT an answer. If folks seeing your question can offer an answer, they will. It may be days before someone (motivated to offer the answer) does reply. Sometimes that's influenced by the nature of the question.

 

In your case, you could help us by clarifying what you have looked into already for doing that integration. A simple search of:

coldfusion ldap

will find many results. You would more likely get an answer with a direct question, such as "I tried x and got y as a result, but I expected z. What went wrong?"

 

I will point out that CF offers the CFLDAP tag, and it is also possible to perform authentication (against LDAP) in your web server and have that information passed into CF. I'd start with the cfldap tag, if I were you. Let us know if you still have questions.

/Charlie (troubleshooter, carehart.org)
Known Participant
November 18, 2019

OK, you are right.

So I have tried using the syntax below.

In the application.cfm file, a single line entry:

<CFAPPLICATION NAME="eOPS" SESSIONMANAGEMENT="Yes">

and code in the program similar to the following (a detailed copy of the code is attached).

<cfparam name="isAuthenticated" default="false">
<cfparam name="logindomain" default="tw">
<cfparam name="ldapServer" default="org.ad.city.aa">
<cfparam name="dcStart" default="DC=city,DC=aa">

My problem is that this LDAP connectivity test worked successfully for my network ID and a few other colleagues; the only problem or workaround is that the network password of the user has to match the Oracle password. We are using an Oracle 10G database and plan on upgrading to Oracle 12c soon.

Is there a way I can avoid doing this? I would like it to be able to log in directly using LDAP and then, based on the roles assigned, just display the relevant pages. That way, even if the Oracle password changes, it has no impact, as it validates only using LDAP.

<cfparam name="isAuthenticated" default="false">
<cfparam name="logindomain" default="tw">
<cfparam name="ldapServer" default="org.ad.city.aa">
<cfparam name="dcStart" default="DC=city,DC=aa">
<!--- dbtype and datasource are expected to be set elsewhere (for example in Application.cfm) --->

<cfif IsDefined("form.username") AND form.username is not "" AND IsDefined("form.password") AND form.password is not "">
   <cftry>
      <!--- The bind with the user's own credentials is the authentication check;
            a failed bind makes cfldap throw, which lands in the catch block --->
      <cfldap action="QUERY"
              name="auth"
              attributes="samAccountName"
              start="#dcStart#"
              scope="SUBTREE"
              maxrows="1"
              server="#ldapServer#"
              username="#logindomain#\#form.username#"
              password="#form.password#">
      <cfset isAuthenticated = "true">
      <cfcatch type="ANY">
         <cfset isAuthenticated = "false">
      </cfcatch>
   </cftry>
</cfif>

<cfoutput>
   <cfif isAuthenticated>
      <p>You are authenticated:</p> #isAuthenticated#
      #EncodeForHTML(Form.UserName)#

      <cfset Session.UserName = Form.UserName>
      <cfset Session.password = LCase(Form.Password)>
      <cfset Session.back = 0>

      <!--- Role lookup: the user's own credentials open the database connection,
            which is why the Oracle password has to match the network password --->
      <cfif dbtype is 'oracle'>
         <cfquery name="FindRole" datasource="#datasource#" username="#Session.UserName#" password="#Session.password#">
            SELECT * FROM DBA_ROLE_PRIVS
            WHERE GRANTEE = <cfqueryparam value="#UCase(form.username)#" cfsqltype="cf_sql_varchar">
              AND GRANTED_ROLE IN ('PMD_ADMIN', 'OPERATOR', 'MANAGER', 'VIEWER')
         </cfquery>
      <cfelseif dbtype is 'sqlserver'>
         <cfquery name="FindRole" datasource="#datasource#" username="#Session.UserName#" password="#Session.password#">
            SELECT name
            FROM sysusers
            WHERE uid IN
               (SELECT groupuid FROM sysmembers
                WHERE memberuid = (SELECT uid FROM sysusers
                                   WHERE LOWER(name) = <cfqueryparam value="#form.username#" cfsqltype="cf_sql_varchar">))
         </cfquery>
      </cfif>

      <cfif dbtype is 'oracle'>
         <cfif FindRole.granted_role is 'MANAGER'>
            <cfset Session.role = "manager">
         <cfelseif Session.UserName is 'dbo'>
            <cfset Session.role = "owner">
         <cfelseif FindRole.granted_role is 'OPERATOR'>
            <cfset Session.role = "operator">
         <cfelseif FindRole.granted_role is 'VIEWER'>
            <cfset Session.role = "viewer">
         <!--- the query above filters on PMD_ADMIN, so that is the value to compare with --->
         <cfelseif FindRole.granted_role is 'PMD_ADMIN'>
            <cfset Session.role = "admin">
         <cfelse>
            <script>
            alert('Your user account has not been assigned a role, please contact your eAS administrator.');
            document.location = 'default.cfm';
            </script>
         </cfif>
      <cfelseif dbtype is 'sqlserver'>
         <cfset checkforrole = 0>
         <!--- One pass over the group names; later matches override earlier ones,
               so the order viewer < operator < manager < admin decides the final role --->
         <cfloop query="FindRole">
            <cfif Find("viewer", name) GT 0>
               <cfset Session.role = "viewer">
               <cfset checkforrole = 1>
            </cfif>
         </cfloop>
         <cfloop query="FindRole">
            <cfif Find("operator", name) GT 0>
               <cfset Session.role = "operator">
               <cfset checkforrole = 1>
            </cfif>
         </cfloop>
         <cfloop query="FindRole">
            <cfif Find("manager", name) GT 0>
               <cfset Session.role = "manager">
               <cfset checkforrole = 1>
            </cfif>
         </cfloop>
         <cfloop query="FindRole">
            <cfif Find("administrator", name) GT 0 OR Find("db_owner", name) GT 0>
               <cfset Session.role = "admin">
               <cfset checkforrole = 1>
            </cfif>
         </cfloop>
         <cfif checkforrole is 0>
            <script>
            alert('Your user account has not been assigned a role, please contact your eAS administrator.');
            document.location = 'default.cfm';
            </script>
         </cfif>
      </cfif>

      <cfloginuser name="#Session.UserName#" password="#Session.password#" roles="">

      <cfif dbtype is 'oracle'>
         <cfquery name="LookUp" datasource="#datasource#" username="#Form.UserName#" password="#Form.password#">
            SELECT max(ipn) FROM dbo.look_up
         </cfquery>
      <cfelseif dbtype is 'sqlserver'>
         <cfquery name="LookUp" datasource="#datasource#" username="#Form.UserName#" password="#Form.password#">
            SELECT * FROM dbo.look_up
         </cfquery>
      </cfif>
      <!---  --->
      <cftry>
         <script>
         document.location = "main.cfm";
         </script>
         <cfcatch type="any">
            Error: #cfcatch.message#
         </cfcatch>
      </cftry>
   <cfelse>
      #isAuthenticated#
      <p>Welcome!</p>
   </cfif>

   <form action="#cgi.script_name#" method="POST">
      <p>Enter your login and password to see if you authenticate</p>
      <p>Username #logindomain#\<input type="text" name="username" <cfif (IsDefined("form.username") AND form.username is not "")>value="#EncodeForHTMLAttribute(form.username)#"</cfif>></p>
      <!--- the password is never written back into the page --->
      <br>Password <input type="password" name="password">
      <br><input type="submit" value="Login" name="">
   </form>
</cfoutput>
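As an added example (not IQ's posted code, not Charlie's, and not ColdFusion's own documentation), the flow below does what the follow-up asks for: the cfldap bind is the only password check, the application role comes from the user's LDAP group membership rather than from DBA_ROLE_PRIVS, and the database is opened with the datasource's own service credentials, so the user's Oracle password is never involved and can change without affecting login. The server name ldap.example.local, the base DN DC=example,DC=local, the four group DNs, the datasource name eOPS and the look_up table are all assumed placeholders.

```cfml
<!--- Added example, not the original poster's code. Authenticates by LDAP bind, takes the
      role from LDAP group membership, and opens the database with the datasource's own
      service credentials, so the user's Oracle password is never needed. Server name,
      base DN, group DNs, datasource name and table name below are assumptions. --->
<cfscript>
// Escape the characters that have meaning in an LDAP search filter (RFC 4515), so a typed
// username cannot change the shape of the filter; backslash has to be replaced first.
function ldapFilterEscape(required string value) {
    var out = replace(value, "\", "\5c", "all");
    out = replace(out, "*", "\2a", "all");
    out = replace(out, "(", "\28", "all");
    out = replace(out, ")", "\29", "all");
    out = replace(out, chr(0), "\00", "all");
    return out;
}
</cfscript>

<cfparam name="form.username" default="">
<cfparam name="form.password" default="">

<cfset ldapServer     = "ldap.example.local">   <!--- assumption --->
<cfset ldapPort       = 636>                    <!--- LDAPS, assumption --->
<cfset logindomain    = "tw">
<cfset dcStart        = "DC=example,DC=local">  <!--- assumption --->
<cfset datasourceName = "eOPS">                 <!--- DSN configured with its own service account, assumption --->
<cfset isAuthenticated = false>
<cfset userRole = "">

<!--- Group-to-role map (assumed group DNs), highest privilege first so the first hit wins --->
<cfset groupToRole = [
    { group = "CN=eOPS-Admins,OU=Groups,DC=example,DC=local",    role = "admin" },
    { group = "CN=eOPS-Managers,OU=Groups,DC=example,DC=local",  role = "manager" },
    { group = "CN=eOPS-Operators,OU=Groups,DC=example,DC=local", role = "operator" },
    { group = "CN=eOPS-Viewers,OU=Groups,DC=example,DC=local",   role = "viewer" }
]>

<cfif Len(Trim(form.username)) AND Len(form.password)>
    <cftry>
        <!--- The bind with the user's own credentials is the password check. The filter
              restricts the query to that user's entry; memberOf lists the group DNs.
              DNs contain commas, so a different separator is used for multi-valued attributes. --->
        <cfldap action="query"
                name="auth"
                server="#ldapServer#"
                port="#ldapPort#"
                secure="CFSSL_BASIC"
                username="#logindomain#\#form.username#"
                password="#form.password#"
                start="#dcStart#"
                scope="subtree"
                filter="(&(objectClass=user)(sAMAccountName=#ldapFilterEscape(form.username)#))"
                attributes="sAMAccountName,memberOf"
                separator="|"
                maxrows="1">
        <cfif auth.recordCount EQ 1>
            <cfset isAuthenticated = true>
        </cfif>
        <cfcatch type="any">
            <!--- A failed bind raises an exception: log the detail, tell the user nothing specific --->
            <cflog file="eOPS-auth" type="warning" text="LDAP login failed for #form.username#: #cfcatch.message#">
        </cfcatch>
    </cftry>
</cfif>

<cfif isAuthenticated>
    <cfloop array="#groupToRole#" index="entry">
        <cfif ListFindNoCase(auth.memberOf, entry.group, "|")>
            <cfset userRole = entry.role>
            <cfbreak>
        </cfif>
    </cfloop>

    <cfif userRole EQ "">
        <p>Your user account has not been assigned a role, please contact your administrator.</p>
        <cfabort>
    </cfif>

    <!--- Only identity and role go into the session; the password is never stored --->
    <cfset session.userName = auth.sAMAccountName>
    <cfset session.role = userRole>

    <!--- Database access uses the datasource's service account, not the user's credentials --->
    <cfquery name="lookUp" datasource="#datasourceName#">
        SELECT MAX(ipn) AS max_ipn FROM look_up
    </cfquery>

    <cflocation url="main.cfm" addtoken="false">
</cfif>

<cfoutput>
<form action="#cgi.script_name#" method="POST">
    <p>Username #logindomain#\<input type="text" name="username" value="#EncodeForHTMLAttribute(form.username)#"></p>
    <p>Password <input type="password" name="password"></p>
    <p><input type="submit" value="Login"></p>
</form>
</cfoutput>
```

On each protected page the gate is then a role check such as `<cfif NOT ListFindNoCase("admin,manager", session.role)><cflocation url="default.cfm" addtoken="false"></cfif>`, with no database credentials involved. Two details carry the security weight: the cfqueryparam-free lookup above is safe only because it takes no user input, so any query that does must bind its values with cfqueryparam; and the LDAP filter is escaped before the username is interpolated, because an unescaped `*` or `)` in the filter would otherwise change which entry the query matches.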