March 28, 2008

Querying a secure CFLDAP

Hello all,

I have been pulling my hair out trying to figure out why my CFMX7 box will not authenticate with a secure LDAP. I have been able to query using ldp.exe from Microsoft but nothing with CF. I have been all over the Internet looking for solutions and suggestions but nothing has helped.

I believe I imported the crt correctly but I suspect that is where I am experiencing the breakdown.

Here is the code:
<cfldap
    server="#domain#"
    action="query"
    name="results"
    start="dc=school,dc=edu"
    filter="(sAMAccountName=aasmith)"
    port="636"
    username="username"
    password="password"
    attributes="ldapDisplayName"
    secure="cfssl_basic">

I imported the crt before and tried again just in case and it said that it was already there. I would like to delete the alias out and start over but could not. Can someone help me with this?

Thanks!!!
Correct answer
Well, believe it or not, I figured it out. It was only after reading this post (http://www.numtopia.com/terry/blog/archives/2006/07/importing_ssl_certificates_with_keytool_finally.cfm) that I started thinking that I remember I would import certificates and then run a list to make sure that they were in there. I could never find them and the total amount would always stay at 106.

I then entered the following (replace "whateverthecertis"): keytool -import -keystore C:\CFusionMX7\runtime\jre\lib\security\cacerts -file whateverthecertis.cer -alias whateverthecertis

All of the documentation examples I read (which was quite a bit) always had "-keystore cacerts" which places it in the same directory as the keytool (C:\CFusionMX7\runtime\jre\bin). Therefore the CF server never sees it.

I hope this helps someone as it would have saved me a week.
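As an added example (not code from this thread or from ColdFusion), a small Python check of the two things the answer above turns on: where keytool actually puts a relative `-keystore cacerts`, and whether an alias really shows up in the cacerts the CF JVM reads. The CF root path and the `keytool -list` sample are constructed assumptions.

```python
import ntpath
import re

# Constructed sample of `keytool -list -storepass changeit -keystore <cacerts>`
# output (old JDK layout, MD5 fingerprints); not a real ColdFusion keystore.
SAMPLE_LISTING = """Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries

verisignclass3ca, Jun 29, 2004, trustedCertEntry,
Certificate fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
ldapserver-cert, Mar 28, 2008, trustedCertEntry,
Certificate fingerprint (MD5): AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99
"""

CF_ROOT = r"C:\CFusionMX7"  # assumed install root, as in the thread


def resolve_keystore_arg(keystore_arg, cwd):
    """Path keytool opens for -keystore: a bare name such as 'cacerts' is
    joined to the current directory (jre\\bin), not to jre\\lib\\security."""
    if ntpath.isabs(keystore_arg):
        return ntpath.normpath(keystore_arg)
    return ntpath.normpath(ntpath.join(cwd, keystore_arg))


def cf_cacerts(cf_root=CF_ROOT):
    """Truststore the ColdFusion JVM actually reads."""
    return ntpath.join(cf_root, "runtime", "jre", "lib", "security", "cacerts")


def wrong_keystore(keystore_arg, cwd, cf_root=CF_ROOT):
    """True when an import with this argument lands where CF never looks."""
    return resolve_keystore_arg(keystore_arg, cwd).lower() != cf_cacerts(cf_root).lower()


ENTRY_RE = re.compile(r"^(?P<alias>[^,]+), .*?, trustedCertEntry,\s*$")
FP_RE = re.compile(r"^Certificate fingerprint \((?:MD5|SHA1)\): (?P<fp>[0-9A-F:]+)$")


def parse_keytool_list(text):
    """Return (declared entry count, {alias: fingerprint}) from -list output."""
    count_m = re.search(r"contains (\d+) entr", text)
    count = int(count_m.group(1)) if count_m else 0
    entries, alias = {}, None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            alias = m.group("alias").strip().lower()
            entries[alias] = None
            continue
        m = FP_RE.match(line)
        if m and alias:
            entries[alias] = m.group("fp").upper()
            alias = None
    return count, entries


def cert_imported(text, alias):
    """True only if the alias appears in the listing of CF's own cacerts."""
    return alias.lower() in parse_keytool_list(text)[1]
```

Feed `parse_keytool_list` the real output of the `-list` command against `cf_cacerts()`; if the entry count is still 106 or the alias is missing, the import went to the wrong file.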

2 replies

March 28, 2008
Also, you didn't say what the error message, if any, you were receiving when making the LDAP call. If it's 'connection failure' then it's almost a guarantee that the issue is with the cert not being imported or configured properly.
March 28, 2008
Here is the error message:

Connection to LDAP Server failed

March 28, 2008
Yes, I thought I followed it to a tee. However, it still is not working. I tried to run "keytool -list -keystore cacerts -alias ldapserver-cert -storepass changeit -v" to check the cert but it just came back with a list of all the functions.

Any idea? Thanks
March 28, 2008
Depending on where you've installed CF, you may need to change these paths -

Open a command prompt and cd to "C:\CFusionMX7\runtime\jre\bin"

From here you can feed the command prompt the following command (on one line):

keytool -list -storepass changeit -noprompt -keystore C:\CFusionMX7\runtime\jre\lib\security\cacerts

Example:

C:\CFusionMX7\runtime\jre\bin>keytool -list -storepass changeit -noprompt -keystore C:\CFusionMX7\runtime\jre\lib\security\cacerts
This should list out all the current certs.

This blog post has more info as well - http://www.coldfusionmuse.com/index.cfm/2005/01/29/keystore