Something you need to be careful about is the way that anonymous binds are
handled. In LDAP v3, the definition of an anonymous bind is a little
ambiguous, and can lead to problems if someone uses a blank password.
Before using LDAP to authenticate, always ensure that your username and
password are not blank.
Kevin
>>> [EMAIL PROTECTED] 02/08/02 11:13AM >>>
Generally, you can't just request the username and password. That's kind
of
a security hole if you could. All you can do is attempt to authenticate.
Set up that LDAP directory in the advanced security in CF Administrator
and
use this code:
<cftry>
<cfauthenticate securitycontext="myDirectory"
username="#distinguishedName#"
password="#password#">
<cfcatch></cfcatch>
</cftry>
Where #distinguishedName# is the unique object like=
"cn=username, ou=orgUnit, o=org, dc=com"
As far as I remembered with Novell's LDAP, you start with the cannonical
name first and move to the larger parts to the right. You may want to
double check the order though.
-----Original Message-----
From: Burcham, Steve [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 08, 2002 9:01 AM
To: CF-Talk
Subject: CFLDAP Help
How can I query my LDAP server for two values (Username and Password)? I
need to verify that the the values inserted into a form match what is in
Site Server and then continue processing the form.
______________________________________________________________________
Why Share?
Dedicated Win 2000 Server · PIII 800 / 256 MB RAM / 40 GB HD / 20 GB MO/XFER
Instant Activation · $99/Month · Free Setup
http://www.pennyhost.com/redirect.cfm?adcode=coldfusionc
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
