>From Memory
You sue the query to authenticate blank is pass, error is fail like you said. But to actually get stuff out of the directory, a user has no permission to do this. So You run a separate LDAP query as the administrator or someone with permission to retrieve users details. Simple test, try your query with Administrator username and password account but leave samaccountanme as ryan to see what happens. Regards Dale Fraser <http://dalefraser.blogspot.com> http://dalefraser.blogspot.com From: cfaussie@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Scott Sent: Monday, 4 June 2007 12:23 PM To: cfaussie@googlegroups.com Subject: [cfaussie] Re: Authenticate user against NT domain probably the filter... On 6/4/07, Ryan Sabir <[EMAIL PROTECTED]> wrote: Thanks for the tip Dale, I'm nearly there: I've got this query: <cfldap action="QUERY" name="getLdapUser" attributes="userPrincipalName,cn,dn,displayName,ou,sAMAccountName" start="dc=newgency,dc=com" scope="SUBTREE" filter="(&(objectclass=user)(samaccountname=ryan))" server="dcName" port="389" username="NEWGENCY\ryan" password=" xxxxxxxx"> It fails if the username or password are incorrect, and returns an empty query when they are correct. Now this is enough for me to get by for now, but I want to get a bit of information out of the LDAP directory, i.e. their full name, group membership, etc. Can anyone see why its returning an empty query rather than the user info? thanks, bye! _____ From: cfaussie@googlegroups.com [mailto: <mailto:cfaussie@googlegroups.com> [EMAIL PROTECTED] On Behalf Of Dale Fraser Sent: Monday, 4 June 2007 10:30 AM To: cfaussie@googlegroups.com Subject: [cfaussie] Re: Authenticate user against NT domain You can use LDAP to validate a username and password against a domain. <CFLDAP Regards Dale Fraser http://dalefraser.blogspot.com <http://dalefraser.blogspot.com/> From: cfaussie@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Sabir Sent: Monday, 4 June 2007 10:25 AM To: 'cfaussie@googlegroups.com' Subject: [cfaussie] Authenticate user against NT domain Heya, I want to offer a username/password login box that a user can put their Windows domain logon into, and it checks these details against the Active Directory and allows/disallows the user. I know you can do this by disallowing anonymous access and checking the AUTH_USER cgi variable, but there are a few issues with this: - It doesn't work on AJAX-heavy sites when the users are on Firefox. - I want a login box that is integrated into my site, rather than the default login dialog box. All I need is a way to make a call to my Domain Controller with the username and password, and it to tell me whether that is a valid user or not. What is the best way to go about doing this? thanks. Error! Filename not specified. Ryan Sabir Technical Director p: (02) 9274 8030 f: (02) 9274 8099 m: 0411 512 454 w: <http://www.newgency.com/> www.newgency.com Error! Filename not specified. Newgency Pty Ltd Web | Multimedia | eMarketing 115 Cooper St Surry Hills NSW 2010 Sydney, Australia www.aegeon.com.au Phone: +613 8676 4223 Mobile: 0404 998 273 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to cfaussie@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en -~----------~----~----~----~------~----~------~--~---