BTW, if their domain admin won't give you an account with domain admin permissions, you can easily create a form where they can enter their credentials, to be used for the LDAP connection, and have it mail any output to you.
-----Original Message----- From: Victor Moore [mailto:[EMAIL PROTECTED] Sent: Thursday, February 24, 2005 9:30 AM To: CF-Talk Subject: Re: LDAP question Hi Mike, That's the funny part. If the userID and password I provide exists on the AD, then I get back an empty query, regarding what attributes I request in the attributes field. If the user doesn't exists then I get an error: "Inappropriate authentication". If I add "*" for attributes get an error: "An error has occurred while trying to execute query :Unprocessed Continuation Reference(s). One or more of the required attributes may be missing/incorrect or you do not have permissions to execute this operation on the server" The customer is using the Windows 2003 Server active directory. I think it's a setup or permission issue on the AD server. As I said, for the time being I am OK because if I get back a query (even empty) I assume the user exists if not then the user does not. I am sure that in the future they will want more things to be done so I would like to know what are my possibilities. It's obvious that people are using it and get the proper info back, so I think it's related to their setup. Unfortunately I don't know enough about AD to be able to debug and from their point everything is OK. Thanks again Victor On Thu, 24 Feb 2005 09:04:30 -0600, Dawson, Michael <[EMAIL PROTECTED]> wrote: > Glad I could help. > > What LDAP directory are you using? Active Directory or something else? > > In AD, if there is a user, you should get the "CN" as you requested. > It should never be empty. If there is no user, you will get an empty > query. > > Try using attributes="*" and see if you get anything back. Using "*" > for testing is fine, but I don't recommend using it for real work. > First, it brings back too much data, including binary voicemail > recordings, (if you have Cisco Call Manager, for example) and it only > brings back one value in a multi-value field such as "memberOf". > > Again, I'm using AD and these things work for me. > > Now that I look at your code a bit more, you need to specify the > filter attribute such as: > > filter="sAMAccountName=#userName#" (Again, this is AD.) > > That is, if the same username for the credentials is the same for the > CN you wish to retrieve. By not specifying a filter, you are asking > for all kinds of stuff. One of those stuff probably doesn't have a CN > or, at least, doesn't support returning the CN. > > M!ke > > -----Original Message----- > From: Victor Moore [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 23, 2005 9:56 PM > To: CF-Talk > Subject: Re: LDAP question > > Modifying the start attribute to Mike's format worked. Hurray!!! > So in may case this works: > <cfldap action="query" > name="getUser" > start="dc=companyName, dc=com" > scope="SUBTREE" > maxrows="1" > server="#serverIP#" > attributes="cn" > username="#userName#" > password="#userPassword#" > port="389"> > > If the user exists will return a query. Unfortunately it's all the > time an empty query, regarding what I put in the attributes list. > For the time being I am OK but I would like very much to be able to > return some info and not just verify that the user exists. > > Thanks Mike > > Victor > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:196301 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
