Hi - The error message (which occurred in the line reading filter="cn=#FORM.UserLogin#") is below:
Authentication failed:[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ] Does this help identify the problem? Thanks very much! David >The next thing to check is if the admins have denied the ability to >query the directory. They would be the only ones to tell you that. > >Or, if you have admin access, you can open Active Directory Users & >Computers and check the permissions of the domain root level. >(Right-click, Properties, Security) See if domain users have been >denied any type of access to attributes or querying the directory. > >By default, all users can query the directory, but I'm pretty sure this >can be changed. > >When you try the CFLDAP code that fails, catch the exception and display >the error message and details. It may give you a clue. You should get >something such as NOT_WILLING_TO_RESPOND. > >m!ke > >attributes > >Thanks, Michael. > >I don't think the syntax is the problem because it works when I replace >#FORM.UserLogin# with the admin account username and #FORM.UserPassword# >with the admin password. I assume it's an AD because the password name >is unicodePwd - their admin isn't sure (believe it or not). I gather >client IS departments aren't always fully cooperative with vendors. > >You're right - I don't need to know the user's password, I just need to >authenticate with it. But even the simple CFLDAP query that retrieves >the cn won't execute if I use the user's credentials - it only works if >I use the administrative name and pw. > >I tried a single query as you suggest, and it throws an error every >time, citing the line with password="#FORM.UserPassword#" as the error >source in the CFLDAP query. > >This works: > ><cfldap action="QUERY" > name="find_user" > start="DC=XXX,DC=XXXX,DC=XXX" > attributes="cn,givenName,sn,department" > scope="subtree" > filter="cn=#FORM.UserLogin#" > server="[server IP address]" > username="[admin account name]" > password="[admin password]"> > >This doesn't: > ><cfldap action="QUERY" > name="authenticate" > start="DC=XXX,DC=XXXX,DC=XXX" > attributes="cn,givenName,sn,department" > scope="subtree" > filter="cn=#FORM.UserLogin#" > server="[server IP address]" > username="#FORM.UserLogin#" > password="#FORM.UserPassword#"> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:300915 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4