Re: how to do a cfldap query
Mike, I found your thread about ColdFusion not fixing the objectguid bug in cfldap. What is the workaround? How can I retrieve the objectguid and use it in a legible form?

Thanks

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:244787
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: how to do a cfldap query
Thanks everyone for your helpful replies. I finally got the LDAP Administrator working. Once I can connect to the directory, LDAP Administrator helps a lot, but I found that connecting to it is the tricky part in its own right. I had the IP, username, password, but the base DN also was OK since it is just the domain name that is listed for the Active Directory server machine. But the user credentials part threw me off, since it is not enough to just give the username, but we have to give it in the LDAP format (cn=ou=dc=...), which is what we are trying to get in the first place. After a lot of trial and error I was finally able to connect and see what's what.

I still need to play with it, and my final goal is to be able to modify user info, including password, using cfldap. I really appreciate all your pointers.
RE: how to do a cfldap query
Congrats! Just remember, in these stand-alone LDAP browsers, you use the FQDN-style for the username. In CFLDAP, you use two other styles of username, as mentioned in a previous message.

Modifying user info is not too bad once you get the hang of it. Here are some tips:

* Be wary of commas. You should always set the delimiter and separator values in the CFLDAP tag.
* Always use CFDUMP.
* You cannot change passwords unless you have an SSL cert set up for the CF server and the AD domain controller. I use other methods of changing passwords.

Good luck!

M!ke

-----Original Message-----
From: Srinivasa Teja Palla [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 21, 2006 10:19 AM
To: CF-Talk
Subject: Re: how to do a cfldap query

Thanks everyone for your helpful replies. I finally got the LDAP Administrator working. Once I can connect to the directory, LDAP Administrator helps a lot, but I found that connecting to it is the tricky part in its own right. I had the IP, username, password, but the base DN also was OK since it is just the domain name that is listed for the Active Directory server machine. But the user credentials part threw me off, since it is not enough to just give the username, but we have to give it in the LDAP format (cn=ou=dc=...), which is what we are trying to get in the first place. After a lot of trial and error I was finally able to connect and see what's what.

I still need to play with it, and my final goal is to be able to modify user info, including password, using cfldap. I really appreciate all your pointers.
Re: how to do a cfldap query
Mike, what are the other methods to change passwords? Can you please throw some light on it?
RE: how to do a cfldap query
http://acelinkdev.evansville.edu/hoflists/

Download PasswordChangeMethods.zip

I have worked with two methods of changing a password. The first is using Windows' NET USER command. This is called using CFEXECUTE. The second is with a VB COM object using ADSI. Both examples are in that zip file. Neither is better/worse than the other.

M!ke

-----Original Message-----
From: Srinivasa Teja Palla [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 21, 2006 2:42 PM
To: CF-Talk
Subject: Re: how to do a cfldap query

Mike, what are the other methods to change passwords? Can you please throw some light on it?
RE: how to do a cfldap query
This should get you going. Also go to http://www.ldapadministrator.com/ and download their LDAP browser. It will give you all the information you need in order to get you going.

    <cfscript>
        // setting basic LDAP server attributes - DRAGON
        root = "dc=ADOBE,dc=COM";
        servername = "YOUR LDAP SERVER IP";
        port = 389;
        // Attributes must include uid and dn. These are used within the 2 authorization queries.
        attributes = "dn,description,useraccountcontrol,userpassword,ntsecuritydescriptor,pwdlastset";
        // passing the username and password of the user to authenticate
        // you can use this section here if you want to use a form-submitted
        // username and password for logging in to an app
        uid = "#form.user#";
        password = "#form.pword#";
        // this filter will look in the objectclass for the user's ID
        filter = "(&(objectclass=*)(sAMAccountName=#uid#))";
        // use directory manager id to allow a read of the password to authenticate users
        LDAP_username = "CN=Admin USER NAME,OU=ADMIN GROUP,OU=Admin GROUP,OU= Admin GROUP,DC=ADOBE,DC=COM";
        LDAP_password = "Admin Password";
    </cfscript>

    <!--- search for the user's dn, this is used below to authenticate the user
          NOTE: We must do this as the Directory Manager in order to return the password. --->
    <cftry>
        <cfldap action="QUERY"
                name="userSearch"
                attributes="#attributes#"
                start="#root#"
                scope="SUBTREE"
                server="#servername#"
                port="#port#"
                filter="#filter#"
                username="#LDAP_username#"
                password="#LDAP_password#">
        <cfcatch type="Any">
            <cfset UserSearchFailed = true>
        </cfcatch>
    </cftry>

-- Brian --
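The search filter in the message above is built directly from a form-submitted username, and RFC 4515 gives *, (, ) and \ (and NUL) special meaning inside a filter value. The following is an added example, not code from the thread, that escapes the value before it reaches CFLDAP and sets the separator that a later reply in the thread recommends. The helper name escapeLdapFilterValue, the bind account, the server value and the attribute list are assumptions.

```cfml
<!--- Added example, not code from the thread. escapeLdapFilterValue is a
      hypothetical helper; server and bind values below are placeholders. --->
<cffunction name="escapeLdapFilterValue" returntype="string" output="false">
    <cfargument name="value" type="string" required="true">
    <cfset var out = arguments.value>
    <!--- Reject control characters (NUL included) rather than encode them:
          a login name never legitimately contains one. --->
    <cfif REFind("[[:cntrl:]]", out)>
        <cfthrow type="InvalidLdapInput" message="Control character in LDAP filter value">
    </cfif>
    <!--- Backslash first, so the escapes added below are not escaped again. --->
    <cfset out = Replace(out, "\", "\5c", "all")>
    <cfset out = Replace(out, "*", "\2a", "all")>
    <cfset out = Replace(out, "(", "\28", "all")>
    <cfset out = Replace(out, ")", "\29", "all")>
    <cfreturn out>
</cffunction>

<!--- Placeholder bind account in the domain\username style; replace with real values. --->
<cfset LDAP_username = "ADOBE\ldapReader">
<cfset LDAP_password = "Admin Password">

<cfparam name="form.user" default="">
<cfset uid = escapeLdapFilterValue(Trim(form.user))>
<cfif Len(uid) EQ 0>
    <cfthrow type="InvalidLdapInput" message="Empty username">
</cfif>

<!--- After escaping, the value can only match as a literal sAMAccountName. --->
<cfset filter = "(&(objectClass=user)(sAMAccountName=#uid#))">

<!--- memberOf holds DNs, which contain commas, so the multi-value
      separator is set explicitly instead of relying on the default. --->
<cfldap action="query"
        name="userSearch"
        server="YOUR LDAP SERVER IP"
        port="389"
        start="dc=ADOBE,dc=COM"
        scope="subtree"
        attributes="dn,sAMAccountName,displayName,memberOf"
        filter="#filter#"
        separator="|"
        username="#LDAP_username#"
        password="#LDAP_password#">

<!--- Exactly one match is expected; anything else is treated as a failed lookup. --->
<cfset userFound = (userSearch.recordCount EQ 1)>
```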
RE: how to do a cfldap query
Usually the start will be your DNS domain name, but broken up a bit. For example, if your DNS domain name is palla.com, then your start would be dc=palla,dc=com.

From there, make use of CFDUMP in all of your LDAP queries. If you specify a wildcard for the attributes (attributes=*) you will get quite a bit of stuff that you can dump to your browser. However, I seem to remember that you could not use a wildcard when your start was the root of your domain. In other words:

    [cfldap ... start = dc=palla,dc=com attributes=* ... /]

Would either throw an error or would just not return any records. But, if you add an Organizational Unit (OU) to the start attribute, it will work:

    [cfldap ... start = ou=users,dc=palla,dc=com attributes=* ... /]

If you must start at the root of your domain, which you probably should, then you just cannot use a wildcard. (Unless this has been fixed in a recent updater.)

Is there any particular task you are trying to accomplish? We may be able to get you started in the right direction if you provide us with the requirements.

M!ke

-----Original Message-----
From: Srinivasa Teja Palla [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 20, 2006 4:07 PM
To: CF-Talk
Subject: how to do a cfldap query

Hi, I have been putting this off for a while. I have an Active Directory server, I know the IP, I know the username and password with admin rights on this server. How do I query this using cfldap to get a list of all users to start with? I know I have to give a start DN, but how do I know the DN? Where can I get the DN from? I have access to the LDAP machine. Please help.
Re: how to do a cfldap query
Thanks for your prompt help. I am downloading the ldapadministrator. Meanwhile, if my username is ldaptest and password is password.1, what should my username and password values look like? I couldn't get it to work from what you wrote (got an error: invalid authentication). Also, what do those multiple (and same valued) OU entries in username mean??

Thanks for your help
RE: how to do a cfldap query
There is a neat little program called Softerra LDAP Browser that is handy for figuring out LDAP schemas.

-Nate

-----Original Message-----
From: Srinivasa Teja Palla [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 20, 2006 4:07 PM
To: CF-Talk
Subject: how to do a cfldap query

Hi, I have been putting this off for a while. I have an Active Directory server, I know the IP, I know the username and password with admin rights on this server. How do I query this using cfldap to get a list of all users to start with? I know I have to give a start DN, but how do I know the DN? Where can I get the DN from? I have access to the LDAP machine. Please help.
Re: how to do a cfldap query
Mike, that was helpful. I am trying to read all the user info from the directory to start with. Later on I will have to modify the user information etc., but it seems like I am stuck on the first step. Can you throw some light on using the username and password attributes? If I have an account ldaptest and password.1 as the username and password, how would I use it in my example?

Thanks
Re: how to do a cfldap query
This is what I tried to use, and I get an invalid authentication message. What else do I have to do to read the users list?

    <cfldap server="192.168.100.15"
            port="389"
            username="CN=ldaptest, OU=ADMIN GROUP, OU=Admin GROUP, OU= Admin GROUP, DC=ecs-net, DC=COM"
            password="password.1"
            action="query"
            name="getUsers"
            timeout="4000"
            maxRows="50"
            start="ou=Users, dc=ecs-net, dc=com"
            attributes="*"
            scope="subtree">
RE: how to do a cfldap query
Here is my LDAP code I use to read users from our Active Directory.

    <cfldap name="Entity"
            username="theUserName"
            password="thePassword"
            server="sms01"
            action="query"
            attributes="displayname, mail, sn, cn, givenName, name, userPrincipalName, dn,samAccountName, sAMAccountType, memberOf, extensionName, telephoneNumber"
            scope="subtree"
            start="DC=smfbc,DC=org"
            filter="(&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=smfbc,DC=org)(cn=#url.un#))"
            sort="CN">

As you can see, you just put your username in that parameter, not the fully qualified distinguished name; at least that is all I do.

--
Ian Skinner
Web Programmer
BloodSource
www.BloodSource.org
Sacramento, CA
RE: how to do a cfldap query
> This is what I tried to use, and I get an invalid authentication message.
> What else do I have to do to read the users list?

Have you tried using a standalone LDAP client, like the Softerra LDAP Browser? Does your LDAP server require SSL?

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
RE: how to do a cfldap query
With AD, you specify the username in either of the following styles:

    domain\username (also known as domain\sAMAccountName)
    [EMAIL PROTECTED] (also known as userPrincipalName)

In my previous example, your DNS domain was palla.com, so in the CFLDAP tag, set the user name to either:

    palla\srinivasa
    [EMAIL PROTECTED]

Other directory services require a fully-qualified distinguished name as the login username; however, AD does not.

ALSO!! Drop the timeout attribute if you are retrieving hundreds of objects with a single query. There was/is a bug in CFLDAP where the number of records returned from the LDAP call would vary greatly. One time you may return 400 records. A subsequent refresh may return 380 records. You are better off without the timeout attribute regardless.

-----Original Message-----
From: Srinivasa Teja Palla [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 20, 2006 5:11 PM
To: CF-Talk
Subject: Re: how to do a cfldap query

This is what I tried to use, and I get an invalid authentication message. What else do I have to do to read the users list?

    <cfldap server="192.168.100.15"
            port="389"
            username="CN=ldaptest, OU=ADMIN GROUP, OU=Admin GROUP, OU= Admin GROUP, DC=ecs-net, DC=COM"
            password="password.1"
            action="query"
            name="getUsers"
            timeout="4000"
            maxRows="50"
            start="ou=Users, dc=ecs-net, dc=com"
            attributes="*"
            scope="subtree">