CFDaddio2
Participant
February 13, 2026
Question

Using LDAP group authentication within ColdFusion 2023 Admin console


Environment: Windows-based, using ColdFusion 2023. 

When creating admin console “users,” has anyone set up external authentication (using LDAP) using groups instead of individual users?

Due to a recently released ColdFusion STIG I’m now required to create admin console users who are externally authenticated (no local user accounts). In my case, that means using LDAP to authenticate the users from Active Directory (AD). 

My preference is to configure this using an AD group instead of individual users. I’m struggling trying to determine what data goes in what fields during the setup.

I have the LDAP configured and verifying the connection. I’m using the correct LDAP filter in the Group Configuration field; I know it’s correct because when I test it using the CFLDAP tag, it returns the users who are assigned to the target group.  

But, in the User Manager (User Detail), the ‘User name’ field is required and I’m not sure what to enter. I’ve tried several different things, but always get the response, “Unable to create user: this user doesn’t exist in server.”  

If anyone has configured CF admin console access in this way or has something to suggest, I’d appreciate the help. Thank you. 

 

    1 reply

    BKBK
    Community Expert
    February 16, 2026

    I shall start by saying that I’ve never before had to use LDAP in this way. But I am curious to know how this works. 

    I think you keep getting “Unable to create user: this user doesn’t exist in server” for the following reason. During the "Add User" step, ColdFusion attempts to validate a specific individual user object against your LDAP search base, rather than simply accepting a group DN.

     

    But ColdFusion Administrator’s LDAP integration does not create group-based admin accounts by itself. Even when using external authentication (LDAP/AD), ColdFusion still requires a user object to exist in LDAP for each Admin user you create in the Administrator.

     

    So, one way to implement STIG-compliant LDAP Admin access (Using AD Group Control) would be to treat the group itself as the "User" entry in the User Manager.