It depends on your LDAP server. It appears that you are not using Active Directory due to the way you have handled your start and username attributes. AD allows any domain user to query the directory.
Other servers, such as Novell DS, may require you to first query the directory for the DN of the user who is trying to authenticate. This first query will require a known username and password. Then, the second query will take the first query's DN and use it as the username. If all works, then, the user is authenticated. However, I have worked with a Novell server that doesn't require a username/password at all. From what I am told, this is common for Novell servers.

There are a couple of improvements I would suggest.

1. As Shannon said, for the START, you can specify the root of the users container, rather than the DN of the user object. If you are told to specify the DN in the START, then change your SCOPE to BASE. There is no SUBTREE for a single object. Therefore, there is no need to ask the LDAP server to search through sub-OUs when you just told it the exact destination. It doesn't hurt, but it's confusing when reading the code.

2. While authenticating, you can also bring out other attributes such as givenName, sn, mail, etc. Currently, you are returning only cn. You may need other attributes within your application, so why not authenticate, and get their values, in a single request?

3. You don't need the <cfelse> part of your condition. You already know the UserIsValid variable is 0.

Mike

-----Original Message-----
From: Marie Taylore [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 23, 2008 4:01 PM
To: cf-talk
Subject: Proper Authentication with CFLDAP?

I just received this code as the "proper" way to "bind" someone during an LDAP login to a ColdFusion App. Is this really the right way?

    <cfset UserIsValid = 0>
    <CFTRY>
        <cfldap action="QUERY"
                name="Authenticate"
                start="uid=#username#,ou=#OurOU#,dc=#OurDC#,dc=#OurDC2#"
                attributes="cn"
                scope="SUBTREE"
                server="#OurServer#"
                username="uid=#username#,ou=#OurOU#,dc=#OurDC#,dc=#OurDC2#"
                password="#password#">
        <cfif Authenticate.RecordCount GT 0>
            <cfset UserIsValid = 1>
        <cfelse>
            <cfset UserIsValid = 0>
        </cfif>
        <cfcatch type="Any">
            <cfset UserIsValid = 0>
            <!--- DEBUG CODE HERE --->
        </cfcatch>
    </CFTRY>
    <cfif UserIsValid EQ 0>
        Sorry, login failed.
        <cfabort>
    </cfif>

If they pass the CFABORT above, they're "authenticated" to your app.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314340
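
The three suggestions in the reply (BASE scope, more attributes in one request, no <cfelse>) applied to the posted snippet, as an added example that is not part of either message. It also adds two checks that neither message mentions: it refuses an empty password and restricts the username to an allow-list before building the DN. The form.username / form.password names, the LoginName and UserDN variables, and the allow-list pattern are assumptions.

```cfml
<!--- Added example. Assumes form.username / form.password hold the submitted
      credentials and that OurOU, OurDC, OurDC2 and OurServer are set as in
      the posted snippet. --->
<cfset UserIsValid = 0>
<cfset LoginName = trim(form.username)>

<!--- A simple bind with a name and an empty password is an "unauthenticated"
      bind (RFC 4513, section 5.1.2) that some servers report as success, so
      refuse it before it reaches the server. The allow-list (an assumption;
      adjust to your naming rules) keeps DN metacharacters such as , + = \
      out of the DN that is built from user input. --->
<cfif len(form.password) GT 0 AND reFind("^[A-Za-z0-9._-]{1,64}$", LoginName)>
    <cfset UserDN = "uid=#LoginName#,ou=#OurOU#,dc=#OurDC#,dc=#OurDC2#">
    <cftry>
        <!--- Bind as the user and read that user's own entry: scope BASE,
              and every attribute the application needs in the same request. --->
        <cfldap action="QUERY"
                name="Authenticate"
                start="#UserDN#"
                scope="BASE"
                attributes="cn,givenName,sn,mail"
                server="#OurServer#"
                username="#UserDN#"
                password="#form.password#">
        <cfif Authenticate.RecordCount EQ 1>
            <cfset UserIsValid = 1>
        </cfif>
        <cfcatch type="Any">
            <!--- Bind or search failed: UserIsValid stays 0.
                  Log cfcatch.message here, never the password. --->
        </cfcatch>
    </cftry>
</cfif>

<cfif UserIsValid EQ 0>
    Sorry, login failed.
    <cfabort>
</cfif>

<!--- Past this point Authenticate.givenName, Authenticate.sn and
      Authenticate.mail are available without a second query. --->
```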