>
>There's a discrepancy that may be the issue in the way that CFLDAP's
>handling the final UTF-16LE encoded double-quote - that java's showing a
>"22 00" byte pair, but the CFLDAP's dropping the 2nd byte of the character:
>
>Java (works):
>0050: 0A 01 02 30 2E 04 0A 75   6E 69 63 6F 64 65 50 77  ...0...unicodePw
>0060: 64 31 20 04 1E 22 00 6E   00 65 00 77 00 50 00 61  d1 ..".n.e.w.P.a
>0070: 00 73 00 73 00 77 00 6F   00 72 00 64 00 31 00 21  .s.s.w.o.r.d.1.!
>0080: 00 22 00 A0 1B 30 19 04   17 32 2E 31 36 2E 38 34  ."...0...2.16.84
>         ^^^^^
>
>CFLDAP (fails):
>0050: 0A 01 02 30 2B 04 0A 75   6E 69 63 6F 64 65 50 77  ...0+..unicodePw
>0060: 64 31 1D 04 1B 22 00 6E   00 65 00 77 00 50 00 61  d1...".n.e.w.P.a
>0070: 00 73 00 73 00 77 00 6F   00 72 00 64 00 31 00 22  .s.s.w.o.r.d.1."
>                                                     ^^
>0080: A0 1B 30 19 04 17 32 2E   31 36 2E 38 34 30 2E 31  ..0...2.16.840.1
>      ^^
>
>So I'm suspecting AD's not liking the password.  Nothing I do gets that
>double-quote right - seems to be deep inside the CFLDAP tag.
>

Dear Ed,

You are absolutely right and your post is the only one I was able to find on 
the internet that explains this bug or simply unsupported feature of CFLDAP.

I experimented with it too and tried to add trailing 0's to the end of a 
properly formatted unicodePwd, but noticed that CFLDAP cuts off all bytes at 
the end of the attribute value whose ASCII code is less than or equal to 32 
(interestingly, when I tried to add characters above ASCII code 127, the 0 was 
not removed but some bytes were added, so this could not help with the 
password reset either). I guess that the idea was to remove all special 
characters, such as tabs, CR, LF, etc., before submitting the modify command 
to LDAP, which prevents us from resetting AD passwords.

For reference against your code, I used slightly different conversion 
functions, since I worked on ColdFusion 6.1 and it does not support the 
charsetEncode/charsetDecode functions:

<cfset new_password = '"newPassword1"' />
<cfset a = ToString(new_password.getBytes("UnicodeLittleUnmarked")) />

Everything seemed fine, except CFLDAP and I couldn't make it work.

That's why I decided to try to inject Java code in ColdFusion, as I could not 
add Java custom tags. After some experimenting with the code I could find on 
the internet, I was able to make it work with the following lines:

<!--- unicodePwd must be the quoted password encoded as UTF-16LE bytes --->
<cfset new_password = '"newPassword1"' />
<cfset unicodePwd = new_password.getBytes("UnicodeLittleUnmarked") />

<!--- JNDI environment for an LDAPS (SSL) simple bind --->
<cfset javaEnv = CreateObject("java", "java.util.Hashtable").Init() />

<cfset ldapsURL = "ldaps://someLDAPServer.somedomain.com:636" />
<cfset javaEnv.put("java.naming.provider.url", ldapsURL) />
<cfset javaEnv.put("java.naming.security.principal", "CN=Administrator, CN=Users, dc=ad2003-dev, dc=com") />
<cfset javaEnv.put("java.naming.security.credentials", "Administrator'sPassword") />
<cfset javaEnv.put("java.naming.security.authentication", "simple") />
<cfset javaEnv.put("java.naming.security.protocol", "ssl") />
<cfset javaEnv.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory") />

<!--- Bind, then pass the raw byte array as the attribute value --->
<cfset javaCtx = CreateObject("java", "javax.naming.directory.InitialDirContext").Init(javaEnv) />
<cfset javaAttr = CreateObject("java", "javax.naming.directory.BasicAttributes").Init("unicodePwd", unicodePwd) />

<!--- Replace unicodePwd on the target user entry --->
<cfset javaCtx.modifyAttributes("CN=Ed Test, OU=Users, OU=Development, OU=IB, dc=ad2003-dev, dc=com", javaCtx.REPLACE_ATTRIBUTE, javaAttr) />

<cfset javaCtx.close() />
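
The following is an added example, not code from either poster: a small Java check that builds the quoted UTF-16LE unicodePwd value and shows why it stops being well formed once trailing bytes of 32 or less are removed, as described above. The class and method names are hypothetical, and the trimming routine is an assumption that models the reported behaviour, not CFLDAP's actual code.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class UnicodePwdCheck {

    // AD takes unicodePwd as the password wrapped in double quotes, UTF-16LE encoded.
    static byte[] encode(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // Assumption: models the behaviour reported in the message above, where
    // trailing bytes with a value <= 32 are dropped from the attribute value.
    static byte[] trimTrailingLowBytes(byte[] value) {
        int end = value.length;
        while (end > 0 && (value[end - 1] & 0xFF) <= 32) {
            end--;
        }
        return Arrays.copyOf(value, end);
    }

    // Returns null when the value is well formed, otherwise the reason it is not.
    static String validate(byte[] v) {
        if (v.length < 4) return "too short to hold two quote characters";
        if (v.length % 2 != 0) return "odd length " + v.length + ", not whole UTF-16LE code units";
        if (v[0] != 0x22 || v[1] != 0x00) return "missing opening quote (22 00)";
        if (v[v.length - 2] != 0x22 || v[v.length - 1] != 0x00) return "missing closing quote (22 00)";
        return null;
    }

    static String hex(byte[] v) {
        StringBuilder sb = new StringBuilder();
        for (byte b : v) sb.append(String.format("%02X ", b & 0xFF));
        return sb.toString().trim();
    }

    static void report(String label, byte[] v) {
        String problem = validate(v);
        System.out.println(label + " (" + v.length + " bytes): " + hex(v));
        System.out.println("  -> " + (problem == null ? "well formed" : "REJECT: " + problem));
    }

    public static void main(String[] args) {
        byte[] encoded = encode("newPassword1");   // sample password from the thread
        report("as encoded", encoded);
        report("after trailing trim", trimTrailingLowBytes(encoded));
    }
}
```

The trimmed value is 27 bytes long, which matches the 1B length octet in front of the password in the failing CFLDAP dump quoted at the top. Running the same validation on the byte array before the modify call catches a truncated value before it is sent to the directory.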


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:335974