Participant
February 8, 2009
Question

LDAP search

I would like to search LDAP for a username. I assume LDAP is on my Windows 2000 web server, but I'm not sure, nor do I know how I would find out.

Here is my form:

<form action="#cgi.script_name#" method="POST">
<p>Enter a name to search.</p>
<input type="Text" name="name">
<input type="Submit" value="Search" name="">
</form>


I am not sure how to do the ldap part.

Is this the right direction?

<cfldap
server = "ldap.myservernamehere.com" <!--- Should I add ldap in the front of my server name? --->
action = "query"
name = "results"
start = "" <!--- Not sure what to put here? --->
filter= "sAMAccountName=#name#"
attributes = "username" >

    Inspiring
    February 11, 2009
    Also, make sure Integrated Windows Authentication is checked and nothing else; if you check Anon access, it will override the other settings, I think.

    You may also need to add the domain as a trusted site in IE.

    Tools > Options > security > sites.

    Get the IT guys to add this to your security policy, so you don't have to do it manually on every machine.

    Participant
    February 11, 2009
    Thanks, I tried and it keeps giving me an error in the attributes line.
    Even if I change or remove some of the attributes, it gives me an error saying something is wrong with the attributes, but no other details.
    Do I need to tell the server admins I am fetching LDAP info so they can change a setting? The directory I am working on in IIS is enabled for Integrated Windows Authentication.
    Inspiring
    February 11, 2009
    Are you using an account that has access to ldap?

    Speak to your IT guys and they will setup an account you can query ldap with.

    Also, use <cfdump var="#ldapqueryname#"> to see the actual data that cfldap is returning.

    You can then alter your attributes accordingly.

    LDAP attributes aren't easy to fault find; it took me ages to get my authentication working. I found trial and error was the best bet.

    Let me know how you get on and if I can help anymore.

    Inspiring
    February 9, 2009
    Try something like this. There are quite a few free apps on the web that allow you to browse LDAP, so you can see its structure and where to start.

    <!--- cgi.AUTH_USER is set by IIS (Integrated Windows Authentication) as DOMAIN\user; keep only the user part.
          It comes from IIS, not from a browser form, so it is not attacker-typed; a form-supplied value would
          need LDAP filter escaping before being put into the filter below. --->
    <cfset username = right(cgi.AUTH_USER, len(cgi.AUTH_USER) - find("\", cgi.AUTH_USER))>
    <!--- bind with a service account that is allowed to read the directory and search the whole tree under the base DN --->
    <cfldap
        server = "xxx"
        action = "query"
        username = "xxx-xxx\tst"
        password = "xxxx"
        name = "results"
        scope = "subtree"
        filter = "samaccountName=#username#"
        start = "dc=some domain,dc=local"
        attributes = "givenname,surname,uid,userid,groupMembership,mail,dn,roles,memberof,cn,samaccountName">
    <cfset grouplist = "">

    <cfif results.recordcount>
        <cfoutput query="results">
            <!--- memberof is a list of group DNs; splitting on "," also splits each DN into its RDNs,
                  so only the leading "CN=" piece of each DN is kept as the group name --->
            <cfloop list="#memberof#" delimiters="," index="i">
                <cfif left(trim(i), 3) eq "CN=">
                    <cfif grouplist eq "">
                        <cfset grouplist = right(trim(i), len(trim(i)) - 3)>
                    <cfelse>
                        <cfset grouplist = grouplist & ", " & right(trim(i), len(trim(i)) - 3)>
                    </cfif>
                </cfif>
            </cfloop>
            <!--- set user variables for the session --->
            <cfset session.grouplist = grouplist>
            <cfset session.fullname = cn>
            <cfset session.username = samaccountName>
            <cfset session.loggedin = "yes">
        </cfoutput>
    <cfelse>
        <h1>Cannot log you in at this time</h1><cfabort>
    </cfif>
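    The username extraction, filter construction and memberOf parsing that the cfldap snippet above relies on, as an added example that is not from this thread or from ColdFusion, written in Python with constructed sample values. It also shows the RFC 4515 filter escaping that the form-driven "#name#" filter in the original question lacks, and why splitting memberOf on commas breaks for group names that contain an escaped comma.

```python
import re
from typing import List

# RFC 4515: characters that would otherwise let a value such as "*)(objectClass=*"
# change the meaning of "(sAMAccountName=...)".
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value: str) -> str:
    """Escape one assertion value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def account_from_auth_user(auth_user: str) -> str:
    """Drop the DOMAIN\\ prefix that IIS puts in cgi.AUTH_USER (no prefix: unchanged)."""
    return auth_user.rsplit("\\", 1)[-1]

def build_filter(auth_user: str) -> str:
    """The filter the thread's cfldap call builds, with the value escaped."""
    return "(sAMAccountName=%s)" % escape_filter_value(account_from_auth_user(auth_user))

def naive_group_names(member_of_raw: str) -> List[str]:
    """What the thread's cfloop does: split the raw memberOf string on ',' and keep CN= pieces."""
    return [p.strip()[3:] for p in member_of_raw.split(",") if p.strip().startswith("CN=")]

# A comma preceded by a backslash is part of an RDN value, not an RDN separator.
_RDN_SEP = re.compile(r"(?<!\\),")

def group_names(member_of: List[str]) -> List[str]:
    """One DN per entry (as AD returns memberOf); take the CN of each, honouring '\\,' escapes."""
    names = []
    for dn in member_of:
        attr, _, value = _RDN_SEP.split(dn, 1)[0].partition("=")
        if attr.strip().upper() == "CN":
            names.append(value.strip().replace("\\,", ","))
    return names

if __name__ == "__main__":
    # constructed sample values, not real directory data
    groups = ["CN=Sales\\, EMEA,OU=Groups,DC=corp,DC=local",
              "CN=Intranet Users,OU=Groups,DC=corp,DC=local"]
    print(build_filter("CORP\\jsmith"))
    print(naive_group_names(",".join(groups)))  # escaped comma mishandled: "Sales\" and " EMEA" split
    print(group_names(groups))
```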
    Participant
    February 10, 2009
    Thanks,

    I guess I am confused about the LDAP in my Intranet environment. It looks like they have to enter their password again after logging into the Intranet domain and then again using the LDAP form. I was hoping to avoid the user having to enter their password again. Can I connect to LDAP without using a username and password?
    Inspiring
    February 10, 2009
    Yes, that's easily done.

    Go into IIS, and enable Integrated Windows Authentication in the Directory Security tab.

    You can then get the Windows username they logged in with using cgi.AUTH_USER. You can use this to authenticate against LDAP as in my code.

    Let me know if that helps.