Hi Mike, That's the funny part. If the userID and password I provide exists on the AD, then I get back an empty query, regarding what attributes I request in the attributes field. If the user doesn't exists then I get an error: "Inappropriate authentication". If I add "*" for attributes get an error: "An error has occurred while trying to execute query :Unprocessed Continuation Reference(s). One or more of the required attributes may be missing/incorrect or you do not have permissions to execute this operation on the server"
The customer is using the Windows 2003 Server active directory. I think it's a setup or permission issue on the AD server. As I said, for the time being I am OK because if I get back a query (even empty) I assume the user exists if not then the user does not. I am sure that in the future they will want more things to be done so I would like to know what are my possibilities. It's obvious that people are using it and get the proper info back, so I think it's related to their setup. Unfortunately I don't know enough about AD to be able to debug and from their point everything is OK. Thanks again Victor On Thu, 24 Feb 2005 09:04:30 -0600, Dawson, Michael <[EMAIL PROTECTED]> wrote: > Glad I could help. > > What LDAP directory are you using? Active Directory or something else? > > In AD, if there is a user, you should get the "CN" as you requested. It > should never be empty. If there is no user, you will get an empty > query. > > Try using attributes="*" and see if you get anything back. Using "*" > for testing is fine, but I don't recommend using it for real work. > First, it brings back too much data, including binary voicemail > recordings, (if you have Cisco Call Manager, for example) and it only > brings back one value in a multi-value field such as "memberOf". > > Again, I'm using AD and these things work for me. > > Now that I look at your code a bit more, you need to specify the filter > attribute such as: > > filter="sAMAccountName=#userName#" (Again, this is AD.) > > That is, if the same username for the credentials is the same for the CN > you wish to retrieve. By not specifying a filter, you are asking for > all kinds of stuff. One of those stuff probably doesn't have a CN or, > at least, doesn't support returning the CN. > > M!ke > > -----Original Message----- > From: Victor Moore [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 23, 2005 9:56 PM > To: CF-Talk > Subject: Re: LDAP question > > Modifying the start attribute to Mike's format worked. Hurray!!! > So in may case this works: > <cfldap action="query" > name="getUser" > start="dc=companyName, dc=com" > scope="SUBTREE" > maxrows="1" > server="#serverIP#" > attributes="cn" > username="#userName#" > password="#userPassword#" > port="389"> > > If the user exists will return a query. Unfortunately it's all the time > an empty query, regarding what I put in the attributes list. > For the time being I am OK but I would like very much to be able to > return some info and not just verify that the user exists. > > Thanks Mike > > Victor > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:196298 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54