Matt,

I have set up CFA with the new user Directory and I can see the LDAP schema
with [Add/Remove Users for Policy "LetThemIn" from User Directory
"Distributors"] and I have access to LDAP via the Account Managers account on
our test LDAP server.  I am thinking that I need to be more specific about
Search Root, Lookup Start and Lookup End.  I have:
Search Root o=gmu.edu
Lookup Start (&(objectclass=* (uid=))
Lookup End ou=people,o=gmu.edu

I have found some examples on the net but nothing specific in the manuals.  I
am following the examples in Chapter 6 of Allaire's Advanced Application
Development manual on the server side setup and I am using their SuperGadgets
templates for authentication.  When I try to log in to the SuperGadgets I get
Error Diagnostic Information

 CFAuthenticate Tag Error.

 Invalid User 'dvadar' for Security Context 'Extranet'. (This is a valid user
on our test LDAP server.)

I have our email administrator reviewing their LDAP environmental settings to
see if they have some security settings that might be preventing my
authentication attempts.  We do have privacy flags for students that desire to
not have any email and phone information made available.

I have also used the CFLDAP tags and have been able to query the directory.  I
have also attempted to delete a test account with an account that did not have
the appropriate access and I got an error message that the account had
insufficient access.  I did not proceed with CFLDAP because authentication
through the server settings seemed to be a more appropriate method.

With all that being said, I believe that I need to be more specific with the
Lookup Start and Lookup End.  Any insight that you could provide would be
greatly appreciated.

Jerre


Matt Eschenbaum wrote:

> Set up the LDAP in the CFA as a new user Directory.  You will need to point
> it to the LDAP server (via IP or Domain Name).  You will need an account
> with sufficient privileges, search root, Lookup start, and the lookup end.
> You can then set a context to use the cfauthenticate tag.  This can be time
> consuming but once done works rather well.
>
> Depending on your access to the LDAP server schema, you can also utilize the
> CFLDAP tag to authenticate as well as query for information on the server.
>
> Sincerely,
>
> Matthew M. Eschenbaum
> Allaire Certified Professional
> DevTech Inc.
> [EMAIL PROTECTED]
> 206.956.0888
> www.dev-tech.com
>
> -----Original Message-----
> From: Christopher Olive, CIO [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 25, 2001 1:21 PM
> To: CF-Talk
> Subject: RE: using NT accounts for username/password login authentication
>
> um...you did post to the list. :)
>
> ldap is a different animal.  i've never really used it for authentication,
> besides Win2K's ACLs being LDAP-compliant.
>
> you're probably going to want to look into Advanced Security.  it can use an
> LDAP database for authentication.  of course, it's a BEAST to setup.
>
> chris olive, cio
> cresco technologies
> [EMAIL PROTECTED]
> http://www.crescotech.com
>
> -----Original Message-----
> From: Jerre Hale [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 25, 2001 3:52 PM
> To: CF-Talk
> Subject: Re: using NT accounts for username/password login authentication
>
> Chris,
>
> Sorry to respond to you this way.  I subscribed to this list only today.  I
> am looking for help on authenticating users against an ldap directory but
> have not quite gotten there yet and I cannot see how to post to the list.
> Any pointers on how to post to the list would be appreciated.  Then I will
> be more descriptive in my question.
>
> Thanks,
>
> Jerre
>
> "Christopher Olive, CIO" wrote:
>
> > if you're running IIS, just switch off anonymous access.  users will be
> > prompted for their NT password, and the ACL on that directory/file will
> > take over.  if they're not authorized, they get a 403.1 error.
> >
> > chris olive, cio
> > cresco technologies
> > [EMAIL PROTECTED]
> > http://www.crescotech.com
> >
> > -----Original Message-----
> > From: Philip Humeniuk [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, April 25, 2001 12:09 PM
> > To: CF-Talk
> > Subject: Re: using NT accounts for username/password login authentication
> >
> > How would you go about accessing the NT accounts and use those
> > username/password for login authentication rather than accessing an MS
> > Access database?
> >
> > Has anyone done this before?
> >
>
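
Added example, not part of the thread and not ColdFusion's own code: a Python check of the Lookup Start / Lookup End values quoted in the top message. It assumes the directory builds its search filter as Lookup Start + username + Lookup End, which the thread does not confirm; the function names and the second start/end pair are constructed for illustration.

```python
def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = '\\*()\x00'
    return ''.join('\\%02x' % ord(ch) if ch in special else ch for ch in value)


def is_single_filter(text: str) -> bool:
    """True if text is one parenthesised filter: it starts with '(' and the
    matching ')' is the very last character."""
    depth = 0
    for i, ch in enumerate(text):
        if ch == '(':
            depth += 1
        elif ch == ')':
            depth -= 1
            if depth < 0 or (depth == 0 and i != len(text) - 1):
                return False
    return depth == 0 and text.startswith('(')


def build_filter(lookup_start: str, username: str, lookup_end: str) -> str:
    """Compose the filter (assumed: start + username + end) and refuse
    anything an LDAP server would reject as malformed."""
    candidate = lookup_start + escape_filter_value(username) + lookup_end
    if not is_single_filter(candidate):
        raise ValueError('malformed LDAP filter: %r' % candidate)
    return candidate


# Values exactly as quoted in the message above.
THREAD_START = '(&(objectclass=* (uid=))'
THREAD_END = 'ou=people,o=gmu.edu'

# Constructed pair that yields a well-formed filter under the same assumption.
SAMPLE_START = '(&(objectclass=*)(uid='
SAMPLE_END = '))'

if __name__ == '__main__':
    try:
        build_filter(THREAD_START, 'dvadar', THREAD_END)
    except ValueError as err:
        print(err)
    print(build_filter(SAMPLE_START, 'dvadar', SAMPLE_END))
    # Constructed username containing filter metacharacters: they are escaped.
    print(build_filter(SAMPLE_START, 'd(vadar)*', SAMPLE_END))
```

Under that assumption, the values from the message produce a string with unbalanced parentheses, so no search for 'dvadar' could succeed regardless of the directory's privacy settings.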