The START has to be a valid, complete OU. You will need to set the START to the lowest level of "dc=xxx,dc=yy" no matter what. Now, I haven't actually tried this, but it should work. You might be able to use the FILTER attribute to limit the DNs.
FILTER="(|(*ou=building1,*)(*ou=building2*))" Watch the format of the LDAP filter. It's screwey, but pretty flexible. Another option is to use group membership to separate your accounts. Many organizations, ours included, mis-use AD OUs to separate groups of people. However, OUs should be used to grant administrative permissions to different groups of objects. Then, you use group membership to separate/combine different types of objects. If you are able to change the structure of AD, I would suggest doing it before it goes too far. If that is not an option, there are other ways to find what you need. For example, we have an OU for employees, an OU for faculty and an OU for students. Now, we have people here that work full-time, but also teach a course or two. But, at night, they attend classes. Therefore, they are employees, instructors and students. So, where do you place these people? In my perfect world, we would just have a huge-honkin' OU for all user accounts, and these people would become members of three different domain groups. But, it's too late for that here. One other option, which works pretty good, is to periodically dump all AD accounts into a SQL database. Good luck. M!ke -----Original Message----- From: Tangorre, Michael [mailto:[EMAIL PROTECTED] Sent: Monday, July 18, 2005 7:54 AM To: CF-Talk Subject: CFLDAP I am trying to figure out if we need to reorder our Active Directory architecture or if I can get around what appears to be a problem at the current time. Lets say I have a DN as follows: CN=Tangorre\, Michael, ou=developers, ou=users, ou=building, dc=xxx, dc=yy Is there a way to specify to do a wildcard in the ou portion that contains the building? Right now I can only get the users by building name but what I really want is ALL users. The following gives me the Silver Spring users but I want to disregard the building. If I omit it that part of the OU, no records come back, if I use * I get an error. <cfldap action="QUERY" name="selectUsers" attributes="cn,dn,ou" start="ou=users,ou=Silver Spring,dc=xxx,dc=yy"> Any idea? Thanks, Mike T. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:212118 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
