I find emailing out cfdumps to my more effective as Farcry sometimes 'hides' errors
Especially with this sort of thing where an error may be handled by creating an empty struct which would then affect the flow of the program. You could also do logs or traces. 2009/2/6 Blair McKenzie <[email protected]> > There's definitely a glitch in that loop somewhere then, but I can't see it > just by looking at the code. All I can suggest is to do some dump-aborts to > that loop to track down where it's breaking down. What is in the > authentication structs? Are the various if statements catching the correct > cases? > > > On Fri, Feb 6, 2009 at 6:44 AM, Chris Roth <[email protected]> wrote: > >> >> Blair, >> >> I added the seq attribute to my AD component: >> >> <cfcomponent displayname="CMI Active Directory User Directory" >> hint="AD User Directory" >> extends="farcry.core.packages.security.UserDirectory" output="false" >> bEncrypted="false" seq="9998"> >> >> >> and a dump of application.security on the login page confirms it. >> >> The issue still seems to be that ONLY the "default" user directory is >> being used. >> >> Any other ideas? >> >> >> On Feb 4, 9:08 pm, Blair McKenzie <[email protected]> wrote: >> > Another possibility is that the order of the directories is affecting >> the >> > login process. You can change the order of the user directories that are >> > processed by adding a seq attribute to the user directory component. >> > FarcryUD defaults to 9999. Try adding a lower seq to yours, and updating >> the >> > app. >> > >> > >> > >> > On Thu, Feb 5, 2009 at 11:58 AM, Chris Roth <[email protected]> >> wrote: >> > >> > > Hi Blair, >> > >> > > I see the loop you refer to but I can not seem to figure out why that >> > > loop does not seem to be running. >> > >> > > Once the selectUD form control is removed from the login form, I can >> > > only log in with a user in the "default" directory. >> > >> > > If I set the default directory to be FarcryUD, I can log in with a FC >> > > user but,if I try to login with AD credentials, I get the username/ >> > > password worng bubble. >> > >> > > If I set the default directory to be my AD, I can log in with a AD >> > > user but,if I try to login with FC credentials, I DO NOT get the >> > > username/password worng bubble, but the form repaints. >> > >> > > Any other ideas? This is and sme minor verity plugin issues are my >> > > only dev to prod hold up. >> > >> > > On Feb 1, 4:32 pm, Blair McKenzie <[email protected]> wrote: >> > > > The loop is done in packages/security/security.cfc. It looks like it >> > > should >> > > > work, but if you find something wrong let me know. >> > >> > > > On Sat, Jan 31, 2009 at 4:44 AM, Chris Roth <[email protected]> >> > > wrote: >> > >> > > > > Here's a bit more info that may help you help me.. >> > >> > > > > If I go to: >> http://dev-www.mydomain.com/webtop/login.cfm?ud=CLIENTUD >> > >> > > > > As mentioned I can login with my FC user. And if I try to login >> with >> > > > > my AD user I get the user/pass incorrect bubble. - both as >> expected. >> > >> > > > > I do not get the forgot password, forgot user, register links. it >> I >> > > > > enter incorrect logins using either the ?ud=clientud or directly >> > > > > accessing the login page. >> > >> > > > > However. >> > >> > > > > If I login one way or the other (sucessfully), then use my back >> button >> > > > > to return to the login page, then hit reload, I do see the misc. >> links >> > > > > below the login, however >> > >> > > > > I am still required to login using which ever method was >> successful >> > > > > before hitting back. >> > >> > > > > On Jan 30, 9:33 am, Chris Roth <[email protected]> wrote: >> > > > > > Blair, >> > >> > > > > > Yes, I updated app and reloaded security. >> > >> > > > > > Can you point me to where Farcry loops thru the configured UDs? >> I >> > > > > > could not find it, but admit I may not know all the places to >> look. >> > >> > > > > > I configimed my Farcy user login is working by going to the >> webtop >> > > via >> > > > > > the url passed var. >> > >> > > > > >http://dev-www.mydomain.com/webtop/login.cfm?ud=CLIENTUD >> > >> > > > > > But it definately does not appear to be looping over the UD's >> when I >> > > > > > try to log in to the web top without passing the ud variable >> > > > > > andentering the farcry user login details. >> > >> > > > > > Chris >> > >> > > > > > On Jan 29, 8:35 pm, Blair McKenzie <[email protected]> wrote: >> > >> > > > > > > Did you updateapp / reload security? >> > >> > > > > > > On Fri, Jan 30, 2009 at 11:05 AM, Chris Roth < >> [email protected] >> > >> > > > > wrote: >> > >> > > > > > > > Blair, >> > >> > > > > > > > Here's the authenticate function in my cmiad.cfc. Am i >> missing >> > > > > > > > something? Does setting stResult = StructNew() not create an >> > > empty >> > > > > > > > struct? >> > >> > > > > > > > <cffunction name="authenticate" access="public" >> > > output="true" >> > > > > > > > returntype="struct" hint="Attempts to process a user. Runs >> every >> > > time >> > > > > > > > the login form is loaded."> >> > > > > > > > <cfset var stResult = structnew() /> >> > > > > > > > <cfset var qResult = "" /> >> > >> > > > > > > > <cfimport >> taglib="/farcry/core/tags/formtools/" >> > > > > prefix="ft" >> > > > > > > > /> >> > >> > > > > > > > <!--- Return struct ---> >> > >> > > > > > > > <ft:processform> >> > > > > > > > <ft:processformObjects >> > > > > typename="#getLoginForm()#"> >> > > > > > > > <cfset stResult.userid = "" >> /> >> > > > > > > > <cfset stResult.authenticated >> = >> > > false >> > > > > /> >> > > > > > > > <cfset stResult.message = "" >> /> >> > >> > > > > > > > <!--- Find the user ---> >> > > > > > > > <cftry> >> > > > > > > > <cfldap >> > > > > > > > server="#application.config.ldap.host#" action="query" >> > > > > > > > name="qResult" start="#application.config.ldap.userstart#" >> > > > > > > > scope="base" attributes="*" username="#replace >> > >> > > (application.config.ldap.userdn,'{userid}',stProperties.username)#" >> > > > > > > > password="#stProperties.password#" /> >> > > > > > > > <cfset >> > > stResult.authenticated >> > > > > = true >> > > > > > > > /> >> > > > > > > > <cfset >> stResult.userid = >> > > > > > > > stProperties.username /> >> > >> > > > > > > > <cfcatch> >> > >> > > > > > > > <!--- CROTH: 1/29/09 >> > > disable >> > > > > the >> > > > > > > > return variable so that this >> > > > > > > > will also look in the FarcryUD >> > > > > > > > <cfset >> > > > > > > > stResult.authenticated = false /> >> > > > > > > > <cfset >> > > stResult.userid >> > > > > = >> > > > > > > > stProperties.username /> >> > > > > > > > <cfset >> > > > > stResult.message = >> > > > > > > > "The username or password is >> > > > > > > > incorrect" /> >> > > > > > > > ---> >> > > > > > > > <cfset stResult = >> > > StructNew()> >> > > > > > > > </cfcatch> >> > > > > > > > </cftry> >> > > > > > > > </ft:processformObjects> >> > > > > > > > </ft:processform> >> > >> > > > > > > > <cfreturn stResult /> >> > >> > > > > > > > </cffunction> >> > >> > > > > > > > On Jan 29, 2:24 pm, Blair McKenzie <[email protected]> >> wrote: >> > > > > > > > > Check that the ldap authenticate function is returning an >> empty >> > > > > struct >> > > > > > > > when >> > > > > > > > > there is no match. Every time the login page is loaded, >> FarCry >> > > > > loops >> > > > > > > > through >> > > > > > > > > the user directories trying to authenticate. As soon as a >> > > non-empty >> > > > > > > > struct >> > > > > > > > > is returned (empty == nothing to see here) it stops, and >> there >> > > was >> > > > > either >> > > > > > > > an >> > > > > > > > > error or the user is logged in. >> > >> > > > > > > > > On Fri, Jan 30, 2009 at 6:58 AM, Chris Roth < >> > > [email protected]> >> > > > > > > > wrote: >> > >> > > > > > > > > > Blair, >> > >> > > > > > > > > > Thanks for the pointers. I am close but dont seem to >> quite >> > > have >> > > > > it >> > > > > > > > > > right, perhaps a litte more guidance. >> > >> > > > > > > > > > Here's what I have done so far. >> > >> > > > > > > > > > I have a plugin cmiAD which is basically a modified >> version >> > > of >> > > > > > > > > > farcryldap. Its working just fine. >> > >> > > > > > > > > > In webtop - admin - edit config - general config - login >> > > props - >> > > > > > > > > > default UD I have set to my cmiAD >> > >> > > > > > > > > > At thie point I can login with either a Farcry or cmiAD >> user. >> > > The >> > > > > > > > > > login form has the select UD option..... following your >> > > > > guidance.. >> > >> > > > > > > > > > I have made the following changes to my cmiAD plugin >> files. >> > >> > > > > > > > > > 1. copied the folder\file farLogin\displayLogin.cfm from >> > > > > core\webskins >> > > > > > > > > > to \plugins\cmiAD\weskins >> > > > > > > > > > 2. commented out <sec:SelectUDLogin> in >> > > \plugins\cmiAD\weskins >> > > > > > > > > > \farLogin\displayLogin.cfm >> > >> > > > > > > > > > 3. cmiAD.cfc - modified getLoginForm to return farLogin >> > > > > > > > > > 4. cmiAD.cfc - commented out the setting of stResult >> > > variables >> > > > > between >> > > > > > > > > > the <cfcatch> tags >> > >> > > > > > > > > > Refresh app and I get 70% there. >> > >> > > > > > > > > > 1. My login page no longer has user directory select >> > > > > > > > > > 2. I can login with my AD account >> > > > > > > > > > 3. FAIL: I can not login with a farcry user account >> > >> > > > > > > > > > I suppose somwhere there needs to be instructions to >> pass the >> > > > > supplied >> > > > > > > > > > username/password to all "configured" User Directories, >> but I >> > > am >> > > > > not >> > > > > > > > > > sure where to put that. Help? >> > >> > > > > > > > > > On Jan 28, 3:24 pm, Blair McKenzie <[email protected]> >> wrote: >> > > > > > > > > > > 1. Modify the login skin for the default user >> directory >> > > to >> > > > > remove >> > > > > > > > the >> > > > > > > > > > > directory select >> > > > > > > > > > > 2. Modify the default user directory authentication >> > > function >> > > > > so >> > > > > > > > that a >> > > > > > > > > > > user-doesn't-exist failure does not return an error >> > > struct >> > > > > > > > > > > 3. Make sure that the authentication function for >> both >> > > user >> > > > > > > > > > directories >> > > > > > > > > > > process the form (e.g. they both use the farLogin >> form) >> > >> > > > > > > > > > > I think that's all you need. >> > >> > > > > > > > > > > Blair >> > >> > > > > > > > > > > On Thu, Jan 29, 2009 at 9:00 AM, Chris Roth < >> > > > > [email protected]> >> > > > > > > > > > wrote: >> > >> > > > > > > > > > > > I have modified the farcryldap plugin to work with >> our >> > > Active >> > > > > > > > > > > > Directory configuration, and from what I can tell >> thus >> > > far, >> > > > > its >> > > > > > > > > > > > working just fine (logins, groups, etc.) >> > >> > > > > > > > > > > > However, I really dislike the login page that now >> > > requires >> > > > > the user >> > > > > > > > to >> > > > > > > > > > > > "select" the user directory. >> > >> > > > > > > > > > > > We have AD users (internal employees) and FCUD users >> > > > > (external non- >> > > > > > > > ad >> > > > > > > > > > > > people) >> > >> > ... >> > >> > read more ยป- Hide quoted text - >> > >> > - Show quoted text - >> >> > > > > -- AJ Mercer Web Log: http://webonix.net Once you come to the realisation that everyone is crazy, You will never be surprised or disappointed ever again. AJM 2008 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "farcry-dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/farcry-dev?hl=en -~----------~----~----~----~------~----~------~--~---
