Here is the CFC I use to authenticate users. Notice that there are two LDAP 
queries: the first checks whether the user exists, and the second uses the 
returned DN (as the bind username) and form.password to return their info. 
This is from the example given on page 369 of the book "Developing ColdFusion 
MX Applications with CFML".

<!---
NOTE: for this to work, this code needs to be in a MX accessible web root.

USAGE: <cfinvoke 
                component="security" 
                method="authenticate" 
                returnVariable="authenticated" 
                cfcUsername="#form.username#" 
                cfcPassword="#form.password#"
           >
--->

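<cfcomponent>
        <!---
        authenticate: two-step LDAP login.
          1. Search (without credentials) for the entry whose uid matches
             cfcUsername and read its DN.
          2. Repeat the search while binding as that DN with cfcPassword; a
             successful bind is what proves the password.

        Arguments:
          cfcUsername - the uid typed by the user (untrusted input).
          cfcPassword - the password typed by the user (untrusted input).

        Returns a struct. On success it holds givenname, surname, uid, userid,
        roles (comma-delimited list), mail and ou (the user's DN). On any
        failure it is an empty struct, so callers should test StructIsEmpty()
        or StructKeyExists(result, "uid").

        NOTE(review): companyName and serverIP are not defined anywhere in
        this component; they have to be supplied before this code can run -
        confirm where they come from.
        NOTE(review): both queries use port 389 without the cfldap "secure"
        attribute, so the bind password crosses the network unencrypted.
        Consider secure="CFSSL_BASIC" on the LDAPS port once the directory
        server's certificate is trusted by the ColdFusion JVM.
        --->
        <cffunction access="public" name="authenticate" output="0" returntype="struct">
        <!--- username and password required --->
        <cfargument name="cfcUsername" type="string" required="1"/>
        <cfargument name="cfcPassword" type="string" required="1"/>

        <!--- Every working variable is var-scoped. Unscoped variables in a CFC
              live in the component's shared Variables scope, where concurrent
              or later calls on a cached instance could read another user's
              search results. --->
        <cfset var User = StructNew()>
        <cfset var UserSearchFailed = false>
        <cfset var safeUid = "">
        <cfset var filter = "">
        <cfset var userSearch = "">
        <cfset var auth = "">
        <cfset var roles = "">
        <cfset var groupList = "">
        <cfset var i = "">
        <cfset var thisRoleStart = 0>
        <cfset var thisRoleEnd = 0>

        <!--- Fail closed on input that must never reach the directory:
              - an empty username cannot identify anyone;
              - a zero-length password sent with a DN is treated by many LDAP
                servers as an unauthenticated bind, and this directory already
                answers searches without credentials (see the first query), so
                the second query would succeed without proving anything;
              - control characters have no place in a uid. --->
        <cfif Len(Trim(arguments.cfcUsername)) EQ 0
                        OR Len(arguments.cfcPassword) EQ 0
                        OR REFind("[[:cntrl:]]", arguments.cfcUsername) GT 0>
                <cfreturn User/>
        </cfif>

        <!--- Escape the LDAP filter metacharacters (RFC 4515) so the username
              is matched as a literal value and cannot add wildcards or extra
              filter clauses. The backslash must be replaced first. --->
        <cfset safeUid = Replace(arguments.cfcUsername, "\", "\5c", "All")>
        <cfset safeUid = Replace(safeUid, "*", "\2a", "All")>
        <cfset safeUid = Replace(safeUid, "(", "\28", "All")>
        <cfset safeUid = Replace(safeUid, ")", "\29", "All")>

        <!--- This filter will look in the objectclass for the user's ID. --->
        <cfset filter = "(&(objectclass=person)(uid=" & safeUid & "))">

        <!--- Query LDAP for the user's DN; used later to authenticate the user. --->
        <cftry>
                <cfldap action="query"
                        name="userSearch"
                        attributes="dn"
                        start="o=#companyName#"
                        scope="SUBTREE"
                        server="#serverIP#"
                        port="389"
                        filter="#filter#">
                <cfcatch type="Any">
                        <!--- Any directory error counts as "not authenticated". --->
                        <cfset UserSearchFailed = true>
                </cfcatch>
        </cftry>

        <!--- Test the failure flag before touching userSearch: when cfldap
              threw, userSearch is still the empty string, not a query. --->
        <cfif NOT UserSearchFailed>
                <cfif userSearch.recordcount EQ 0>
                        <cfset UserSearchFailed = true>
                </cfif>
        </cfif>

        <cfif NOT UserSearchFailed>
                <!--- Pass user's DN & password to see if the user authenticates.
                      NOTE(review): if several entries share this uid, only the
                      first row's DN is used - confirm uid is unique. --->
                <cftry>
                        <cfldap action="QUERY"
                                name="auth"
                                attributes="givenname,surname,uid,userid,groupMembership,mail,dn"
                                start="o=#companyName#"
                                scope="SUBTREE"
                                server="#serverIP#"
                                port="389"
                                filter="#filter#"
                                username="#userSearch.dn#"
                                password="#arguments.cfcPassword#">
                        <cfcatch type="Any">
                                <!--- A rejected bind (wrong password) lands here. --->
                                <cfset UserSearchFailed = true>
                        </cfcatch>
                </cftry>
        </cfif>

        <cfif NOT UserSearchFailed>
                <!--- The 4-character userid test is carried over unchanged;
                      presumably a site-specific rule - confirm. --->
                <cfif auth.recordCount AND Len(auth.userid) EQ 4>
                        <cfif auth.groupMembership IS NOT "">
                                <!--- Parse the roles from the group memberships. --->
                                <cfset groupList = Replace(auth.groupMembership, ", ", ":", "All")>
                                <cfloop list="#groupList#" index="i" delimiters=":">
                                        <cfset thisRoleStart = FindNoCase("uid=", i)>
                                        <!--- Skip entries without a uid= component instead
                                              of slicing at an arbitrary offset. --->
                                        <cfif thisRoleStart GT 0>
                                                <cfset thisRoleStart = thisRoleStart + 4>
                                                <cfset thisRoleEnd = FindNoCase(",", i, thisRoleStart)>
                                                <!--- No comma after the value: it runs to the
                                                      end of the entry. --->
                                                <cfif thisRoleEnd EQ 0>
                                                        <cfset thisRoleEnd = Len(i) + 1>
                                                </cfif>
                                                <cfif thisRoleEnd GT thisRoleStart>
                                                        <cfset roles = ListAppend(roles, Mid(i, thisRoleStart, thisRoleEnd - thisRoleStart))>
                                                </cfif>
                                        </cfif>
                                </cfloop>
                        </cfif>

                        <!--- roles is built with ListAppend, so there is no trailing
                              comma to trim and an empty list stays "". --->
                        <cfscript>
                                StructInsert(User, "givenname", auth.givenname);
                                StructInsert(User, "surname", auth.surname);
                                StructInsert(User, "uid", auth.uid);
                                StructInsert(User, "userid", auth.userid);
                                StructInsert(User, "roles", roles);
                                StructInsert(User, "mail", auth.mail);
                                StructInsert(User, "ou", auth.dn);
                        </cfscript>
                </cfif>
        </cfif>
        <cfreturn User/>
        </cffunction>

</cfcomponent>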

