shot in the dark here. think you need to alter your filter attribute. i think something like this will work... <cfldap action="query" name="qryUser" start="ou=OU1,dc=xxx,dc=yyy,dc=edu" scope="subtree" attributes="*" FILTER="(&(distinguishedName=*ou=OU1,dc=xxx,dc=yyy,dc=edu)(uid=#form. username#))" server="server.xxx.yyy.edu" port="389" username="xxx\#Trim(user1)#" password="user1password">
I got this from another post (http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:54320) and here's the description Mike Dawson gave "OU is not an attribute of a user object, so that is why you can't use that attribute in the filter. However, the OU is "part of" the user's distinguishedName." jonese On Wed, Feb 27, 2008 at 4:08 PM, Bonnie Woods <[EMAIL PROTECTED]> wrote: > Hi: > I'm having trouble getting CFLDAP to work with my Active Directory. Here's > what I have so far: > > Server name: server.xxx.yyy.edu > Active directory structure: > > xxx > OU1 (organizational unit, not security group) > User1 > OU2 > User2 > > I want to set up the CFLDAP tag so that it only authenticates users in OU1 > NOT anyone outside of OU1 (so User1 would authenticate, but User 2 would > not). Here's my code: > > <cfldap > action="query" > name="qryUser" > start="ou=OU1,dc=xxx,dc=yyy,dc=edu" > scope="subtree" > attributes="*" filter="ou=OU1" > server="server.xxx.yyy.edu" > port="389" > username="xxx\#Trim(user1)#" > password="user1password"> > > The authentication works, but it will authenticate users in OU2 as well as > OU1. > Please help! Thanks. > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:300027 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4