AD and adding group members via CFLDAP

Jun 23, 2006
I posted this over in Advanced techniques with only one brave, yet
unfortunately uninformed taker...
Anyone here have a clue as to why I'd get the error described in the
text below???


[Only Response...]
Thank you for your response... I probably should explain better what
this code does...

It queries a data source (DB2 database) for a list of about 2000 names
(specifically their Employee number).

Then it queries the MS Active directory for a list of anyone who has an
attribute of employeeNumber that
is not an empty string.

Next, it uses a QofQ to join the two record sets together, tossing out
any records that do not match from
both of the data sources.

Then I loop over that list of employees adding them into a group.

This operation does nothing to modify a user's password.

Thanks,

D.



Ian Skinner wrote:
> This came off of another CF related list. Not sure if it applies to
> your situation or not.
>
> * You cannot change passwords unless you have an SSL cert set up for the
> CF server and the AD domain controller.
>
> I have no first-hand experience with this, so all I can offer is to
> pass along the above comment.
>
> dnagel wrote:
>> So, this is the advanced techniques group... and no one feels the
>> least bit challenged?
>> There's got to be someone who enjoys delving into LDAP out there...
>>
>> D.


I'm having a bit of trouble getting the CFLDAP Modify query to execute after
I tied it into the CFLOOPed query... When I ran it with my own user's DN it
worked great... it does not work with any other DN. My account has Domain
Admins on this sandboxed server and is capable of making the change by hand
using the AD tools inside of MMC... Any suggestions? Thanks,

D.



<cfset servername = "AD.TESTSITE.com">
<cfset username = "DNagel@TESTSITE.com">
<cfset password = "PASSWORD">
<cfset domain = "TESTSITE">
<cfset OU = "ou=Granite">

<cfoutput>

<CFSet GroupName="TestDistribution">
<CFSet GroupDN = "cn=#GroupName#,cn=Users,dc=#domain#,dc=com">

<CFQuery name="Users" datasource="GCI_Workforce">
Select cast (WBAN8 as varchar(10)) as WBAN8, wbemal from
WTWDSECPJ1 where WBEXEMPT ='Y'
</CFQuery>

<cfldap
action="query"
server = "#servername#"
username = "#username#"
password = "#password#"
start = "#OU#,dc=#domain#,dc=com"
attributes = "dn,employeeNumber"
filter = "employeeNumber=*"
name = "adDNLookup"
scope = "subtree"
>

<CFQuery Name="JoinUsers" DBType="Query">
Select
adDNLookup.DN, adDNLookup.employeeNumber
from
adDNLookup,
Users
Where
adDNLookup.employeeNumber = Users.wban8
</CFQuery>


<CFLoop Query="JoinUsers">

<CFTry>

<!---<CFSet UserDN = "member=cn=Dennis
Nagel,CN=Users,DC=TESTSITE,DC=com">--->
<CFSet UserDN = "member=#DN#">
<CFSet UserName="#employeeNumber#">

#UserName# #UserDN#<br>
<cfldap
action="modify"
server = "#servername#"
username = "#username#"
password = "#password#"
modifytype="add"
attributes = "#UserDN#"
dn="#GroupDN#"
separator=";"
>

<cfoutput>#UserName# has been added to the group
(#GroupName#).</cfoutput>

<cfcatch type="any">
<cfif FindNoCase( "ENTRY_EXISTS", cfcatch.message )>
<cfoutput>
#UserName# is already assigned to the group
(#GroupName#).
</cfoutput>
<cfelse>
<cfoutput>
Unknown error : #cfcatch.detail#")
</cfoutput>
<cfabort>
</cfif>
</cfcatch>

</CFTry>

</CFLoop>
</cfoutput>







Here's the trace info...

110028 member=CN=Mary Chalfa, OU=PSP_Indio, OU=PSP, OU=GC_Branches,
ou=Granite, dc=TESTSITE, dc=com
Unknown error : One or more of the required attributes may be
missing/incorrect or you do not have permissions to execute this
operation on the server")







--------------------------------------------------------------------------------
Debugging Information ColdFusion Server Enterprise 6,1,0,63958
Template /JDE-AD-Sync/JDE-AD-Groups.cfm
Time Stamp 22-Jun-06 12:02 PM
Locale English (US)
User Agent Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET
CLR 1.1.4322; .NET CLR 1.0.3705)
Remote IP 127.0.0.1
Host Name 127.0.0.1




--------------------------------------------------------------------------------
Execution Time

Total Time Avg Time Count Template
687 ms 687 ms 1 C:\Inetpub\wwwroot\JDE-AD-Sync\JDE-AD-Groups.cfm
0 ms 0 ms 1 C:\Inetpub\wwwroot\JDE-AD-Sync\Application.cfm
0 ms STARTUP, PARSING, COMPILING, LOADING, & SHUTDOWN
687 ms TOTAL EXECUTION TIME
red = over 250 ms average execution time


--------------------------------------------------------------------------------
Exceptions

12:02:45.045 - Application Exception - in
C:\Inetpub\wwwroot\JDE-AD-Sync\JDE-AD-Groups.cfm : line 67
An error has occured while trying to execute modify :[LDAP:
error code 49 - 80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 525, vece].



--------------------------------------------------------------------------------
SQL Queries

Users (Datasource=GCI_Workforce, Time=47ms, Records=2203) in
C:\Inetpub\wwwroot\JDE-AD-Sync\JDE-AD-Groups.cfm @ 12:02:44.044

Select cast (WBAN8 as varchar(10)) as WBAN8, wbemal from
WTWDSECPJ1 where WBEXEMPT ='Y'

JoinUsers (Datasource=, Time=16ms, Records=996) in
C:\Inetpub\wwwroot\JDE-AD-Sync\JDE-AD-Groups.cfm @ 12:02:45.045

Select
adDNLookup.DN, adDNLookup.employeeNumber
from
adDNLookup,
Users
Where
adDNLookup.employeeNumber = Users.wban8



--------------------------------------------------------------------------------
Scope Variables

Application Variables:
applicationname=JDE-AD-Sync
ds=GCI_WFD

Cookie Variables:
JSESSIONID=36301107041151000811062

Server Variables:
COLDFUSION=Struct (8)
OS=Struct (5)

Session Variables:
cfid=831
cftoken=54562187
sessionid=JDE-AD-SYNC_831_54562187
urltoken=CFID=831&CFTOKEN=54562187

Debug Rendering Time: 63 ms


Jun 23, 2006
OK, I found it... re-use of the variable username... :-)

Damn ambiguous error messages.

Thanks to Ian for taking a look.

D.
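
The cause named above, shown as an added example that is not part of the original thread: CFML variable names are case-insensitive, so `<CFSet UserName="#employeeNumber#">` inside the loop replaced the bind `username`, and the next bind was attempted as the employee number. The names `bind`, `memberAttr`, `empNo` and `adBindCodes` are assumptions introduced here, and the sub-code table is a subset of the Active Directory bind sub-codes.

```cfml
<!--- Added example: bind settings live in their own struct (names are assumptions). --->
<cfset bind = StructNew()>
<cfset bind.server = "AD.TESTSITE.com">
<cfset bind.username = "DNagel@TESTSITE.com">
<cfset bind.password = "PASSWORD">
<cfset groupName = "TestDistribution">
<cfset groupDN = "cn=#groupName#,cn=Users,dc=TESTSITE,dc=com">

<!--- Active Directory bind sub-codes, reported as "data NNN" inside LDAP error 49. --->
<cfset adBindCodes = StructNew()>
<cfset adBindCodes["525"] = "bind user not found">
<cfset adBindCodes["52e"] = "invalid credentials">
<cfset adBindCodes["532"] = "password expired">
<cfset adBindCodes["533"] = "account disabled">
<cfset adBindCodes["775"] = "account locked out">

<!--- JoinUsers is the query-of-queries result from the original post. --->
<cfloop query="JoinUsers">
  <!--- CFML variable names are case-insensitive, so a row variable called
        UserName would replace the bind username. These names cannot collide. --->
  <cfset memberAttr = "member=#JoinUsers.DN#">
  <cfset empNo = JoinUsers.employeeNumber>
  <cftry>
    <cfldap action="modify" modifytype="add" server="#bind.server#"
            username="#bind.username#" password="#bind.password#"
            dn="#groupDN#" attributes="#memberAttr#" separator=";">
    <cfoutput>#empNo# has been added to the group (#groupName#).<br></cfoutput>
    <cfcatch type="any">
      <!--- Assumption: the directory's error text is in message or detail. --->
      <cfset errText = cfcatch.message & " " & cfcatch.detail>
      <cfset m = REFindNoCase("error code 49.*data ([0-9a-f]+)", errText, 1, true)>
      <cfif FindNoCase("ENTRY_EXISTS", errText)>
        <cfoutput>#empNo# is already assigned to the group (#groupName#).<br></cfoutput>
      <cfelseif m.pos[1] GT 0>
        <!--- Error 49 is a failed bind, not a problem with the group or member DN. --->
        <cfset code = LCase(Mid(errText, m.pos[2], m.len[2]))>
        <cfset meaning = "unrecognised sub-code">
        <cfif StructKeyExists(adBindCodes, code)>
          <cfset meaning = adBindCodes[code]>
        </cfif>
        <cfoutput>Bind as #bind.username# failed: data #code# (#meaning#).</cfoutput>
        <cfabort>
      <cfelse>
        <cfoutput>Unknown error: #cfcatch.detail#</cfoutput>
        <cfabort>
      </cfif>
    </cfcatch>
  </cftry>
</cfloop>
```

With the trace from the thread, the `data 525` sub-code maps to "bind user not found", which points at the bind identity rather than at permissions on the group.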