Re: using NT accounts for username/password login authentication
Matt, I have set up CFA with the new user Directory and I can see the LDAP schema with [Add/Remove Users for Policy LetThemIn from User Directory Distributors] and I have access to LDAP via the Account Managers account on our test LDAP server. I am thinking that I need to be more specific about Search Root, Lookup Start and Lookup End. I have; Search Root o=gmu.edu Lookup Start ((objectclass=* (uid=)) Lookup End ou=people,o=gmu.edu I have found some examples on the net but nothing specific in the manuals. I am following the examples in Chapter 6 of Allarie's Advanced Application Development manual on the server side setup and I am using their SuperGadgets templates for authentication. When I try to login to the SuperGadgets I get Error Diagnostic Information CFAuthenticate Tag Error. Invalid User 'dvadar' for Security Context 'Extranet'. (This is a valid user on our test LDAP server.) I have our email administrator is reviewing their LDAP environmental settings to see if they have some security settings that might be preventing my authentication attempts. We do have privacy flags for students that desire to not have any email and phone information to be made available. I have also used the CFLDAP tags and have been able to query the directory. I have also attempted to delete a test account with an account that did not have the appropriate access and I got an error message that the account had insufficient access. I did not proceed with CFLDAP because authentication through the server settings seemed to be a more appropriate method. With all that being said, I believe that I need to be more specific with the Lookup Start and Lookup End. Any insight that you could provide would be greatly appreciated. Jerre Matt Eschenbaum wrote: Set up the LDAP in the CFA as a new user Directory. You will need to point it to the LDAP server (via IP or Domain Name). You will need an account with sufficient privileges, search root, Lookup start, and the lookup end. You can then set a context to use the cfauthenticate tag. This can be time consuming but once done works rather well. Depending on your access to the LDAP server schema, you can also utilize the CFLDAP tag to authenticate as well as query for information on the server. Sincerely, Matthew M. Eschenbaum Allaire Certified Professional DevTech Inc. [EMAIL PROTECTED] 206.956.0888 www.dev-tech.com -Original Message- From: Christopher Olive, CIO [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 1:21 PM To: CF-Talk Subject: RE: using NT accounts for username/password login authentication um...you did post to the list. :) ldap is a different animal. i've never really used it for authentication, besides Win2K's ACLs being LDAP-compliant. you're probably going to want to look into Advanced Security. it can use an LDAP database for suthentication. of course, it's a BEAST to setup. chris olive, cio cresco technologies [EMAIL PROTECTED] http://www.crescotech.com -Original Message- From: Jerre Hale [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 3:52 PM To: CF-Talk Subject: Re: using NT accounts for username/password login authentication Chris, Sorry to respond to you this way. I subscribed to this list only today. I am looking for help on authenticating users against an ldap directory but have not quite gotten there yet and I cannot see how to post to the list. Any pointers on how to post to the list would be appreciated. Then I will be more descriptive in my question. Thanks, Jerre Christopher Olive, CIO wrote: if you're running IIS, just switch off anonymous access. users will be prompted for their NT password, and the ACL on that directory/file will take over. if they're not authorized, they get a 403.1 error. chris olive, cio cresco technologies [EMAIL PROTECTED] http://www.crescotech.com -Original Message- From: Philip Humeniuk [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 12:09 PM To: CF-Talk Subject: Re: using NT accounts for username/password login authentication How would you go about accessing the NT accounts and use those username/password for login authentication rather than accessing an MS Access database? Has anyone done this before? ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: using NT accounts for username/password login authentication
How would you go about accessing the NT accounts and use those username/password for login authentication rather than accessing an MS Access database? Has anyone done this before? ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: using NT accounts for username/password login authentication
if you're running IIS, just switch off anonymous access. users will be prompted for their NT password, and the ACL on that directory/file will take over. if they're not authorized, they get a 403.1 error. chris olive, cio cresco technologies [EMAIL PROTECTED] http://www.crescotech.com -Original Message- From: Philip Humeniuk [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 12:09 PM To: CF-Talk Subject: Re: using NT accounts for username/password login authentication How would you go about accessing the NT accounts and use those username/password for login authentication rather than accessing an MS Access database? Has anyone done this before? ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
Re: using NT accounts for username/password login authentication
Chris, Sorry to respond to you this way. I subscribed to this list only today. I am looking for help on authenticating users against an ldap directory but have not quite gotten there yet and I cannot see how to post to the list. Any pointers on how to post to the list would be appreciated. Then I will be more descriptive in my question. Thanks, Jerre Christopher Olive, CIO wrote: if you're running IIS, just switch off anonymous access. users will be prompted for their NT password, and the ACL on that directory/file will take over. if they're not authorized, they get a 403.1 error. chris olive, cio cresco technologies [EMAIL PROTECTED] http://www.crescotech.com -Original Message- From: Philip Humeniuk [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 12:09 PM To: CF-Talk Subject: Re: using NT accounts for username/password login authentication How would you go about accessing the NT accounts and use those username/password for login authentication rather than accessing an MS Access database? Has anyone done this before? ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: using NT accounts for username/password login authentication
um...you did post to the list. :) ldap is a different animal. i've never really used it for authentication, besides Win2K's ACLs being LDAP-compliant. you're probably going to want to look into Advanced Security. it can use an LDAP database for suthentication. of course, it's a BEAST to setup. chris olive, cio cresco technologies [EMAIL PROTECTED] http://www.crescotech.com -Original Message- From: Jerre Hale [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 3:52 PM To: CF-Talk Subject: Re: using NT accounts for username/password login authentication Chris, Sorry to respond to you this way. I subscribed to this list only today. I am looking for help on authenticating users against an ldap directory but have not quite gotten there yet and I cannot see how to post to the list. Any pointers on how to post to the list would be appreciated. Then I will be more descriptive in my question. Thanks, Jerre Christopher Olive, CIO wrote: if you're running IIS, just switch off anonymous access. users will be prompted for their NT password, and the ACL on that directory/file will take over. if they're not authorized, they get a 403.1 error. chris olive, cio cresco technologies [EMAIL PROTECTED] http://www.crescotech.com -Original Message- From: Philip Humeniuk [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 12:09 PM To: CF-Talk Subject: Re: using NT accounts for username/password login authentication How would you go about accessing the NT accounts and use those username/password for login authentication rather than accessing an MS Access database? Has anyone done this before? ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: using NT accounts for username/password login authentication
Set up the LDAP in the CFA as a new user Directory. You will need to point it to the LDAP server (via IP or Domain Name). You will need an account with sufficient privileges, search root, Lookup start, and the lookup end. You can then set a context to use the cfauthenticate tag. This can be time consuming but once done works rather well. Depending on your access to the LDAP server schema, you can also utilize the CFLDAP tag to authenticate as well as query for information on the server. Sincerely, Matthew M. Eschenbaum Allaire Certified Professional DevTech Inc. [EMAIL PROTECTED] 206.956.0888 www.dev-tech.com -Original Message- From: Christopher Olive, CIO [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 1:21 PM To: CF-Talk Subject: RE: using NT accounts for username/password login authentication um...you did post to the list. :) ldap is a different animal. i've never really used it for authentication, besides Win2K's ACLs being LDAP-compliant. you're probably going to want to look into Advanced Security. it can use an LDAP database for suthentication. of course, it's a BEAST to setup. chris olive, cio cresco technologies [EMAIL PROTECTED] http://www.crescotech.com -Original Message- From: Jerre Hale [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 3:52 PM To: CF-Talk Subject: Re: using NT accounts for username/password login authentication Chris, Sorry to respond to you this way. I subscribed to this list only today. I am looking for help on authenticating users against an ldap directory but have not quite gotten there yet and I cannot see how to post to the list. Any pointers on how to post to the list would be appreciated. Then I will be more descriptive in my question. Thanks, Jerre Christopher Olive, CIO wrote: if you're running IIS, just switch off anonymous access. users will be prompted for their NT password, and the ACL on that directory/file will take over. if they're not authorized, they get a 403.1 error. chris olive, cio cresco technologies [EMAIL PROTECTED] http://www.crescotech.com -Original Message- From: Philip Humeniuk [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 12:09 PM To: CF-Talk Subject: Re: using NT accounts for username/password login authentication How would you go about accessing the NT accounts and use those username/password for login authentication rather than accessing an MS Access database? Has anyone done this before? ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists