@65
Created March 10, 2012 18:22
cfldap and user authentication on Active Directory
<!--- Set state and settings explicitly in the variables scope so request parameters cannot supply them --->
<cfset variables.isAuthenticated = "false">
<cfset variables.logindomain = "domain">
<cfset variables.ldapServer = "192.168.1.1">
<cfset variables.dcStart = "DC=domain,DC=co,DC=uk">
<!--- Only attempt the bind when both username and password are non-empty --->
<cfif IsDefined("form.username") AND form.username is not "" AND IsDefined("form.password") AND form.password is not "">
    <cftry>
        <!--- The query succeeds only if the directory accepts a bind with the submitted credentials --->
        <cfldap action="QUERY"
            name="auth"
            attributes="samAccountName"
            start="#variables.dcStart#"
            scope="SUBTREE"
            maxrows="1"
            server="#variables.ldapServer#"
            username="#variables.logindomain#\#form.username#"
            password="#form.password#">
        <cfset variables.isAuthenticated = "true">
        <cfcatch type="ANY">
            <!--- Any error (rejected bind, unreachable server) counts as not authenticated --->
            <cfset variables.isAuthenticated = "false">
        </cfcatch>
    </cftry>
</cfif>
<cfoutput>
<cfif variables.isAuthenticated>
    <p>You are authenticated: #variables.isAuthenticated#</p>
<cfelse>
    <p>Get out foul beast!</p>
</cfif>
<form action="#encodeForHTMLAttribute(cgi.script_name)#" method="POST">
    <p>Enter your login and pwd to see if you authenticate</p>
    <!--- Encode the echoed username for the attribute context; the password is never echoed back --->
    <p>Username #variables.logindomain#\<input type="text" name="username" <cfif IsDefined("form.username") AND form.username is not "">value="#encodeForHTMLAttribute(form.username)#"</cfif>>
    <br>password<input type="password" name="password">
    <br><input type="submit" value="Login"></p>
</form>
</cfoutput>
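The gist's query has no filter, so the single row it returns is not tied to the login name. The following is an added example, not the gist author's code: it binds as the submitted user, filters on the escaped login name, and reads that user's own cn and memberOf. ldapFilterEscape, userCn and userGroups are hypothetical names, and the settings reuse the gist's placeholder values.

```cfml
<cfset variables.logindomain = "domain">
<cfset variables.ldapServer = "192.168.1.1">
<cfset variables.dcStart = "DC=domain,DC=co,DC=uk">
<cfset variables.isAuthenticated = false>
<cfset variables.userCn = "">
<cfset variables.userGroups = "">
<!--- Hypothetical helper: escape RFC 4515 filter metacharacters, reject control characters --->
<cffunction name="ldapFilterEscape" returntype="string" output="false">
    <cfargument name="value" type="string" required="true">
    <cfset var s = arguments.value>
    <cfif reFind("[[:cntrl:]]", s)>
        <cfthrow type="InvalidLogin" message="Control character in login name">
    </cfif>
    <!--- Backslash first, so the escapes added below are not escaped again --->
    <cfset s = replace(s, "\", "\5c", "all")>
    <cfset s = replace(s, "*", "\2a", "all")>
    <cfset s = replace(s, "(", "\28", "all")>
    <cfset s = replace(s, ")", "\29", "all")>
    <cfreturn s>
</cffunction>
<cfif structKeyExists(form, "username") AND len(form.username)
      AND structKeyExists(form, "password") AND len(form.password)>
    <cftry>
        <!--- Bind as the submitted user, then search only for that user's own entry --->
        <cfldap action="QUERY"
            name="auth"
            attributes="cn,memberOf"
            start="#variables.dcStart#"
            scope="SUBTREE"
            filter="(sAMAccountName=#ldapFilterEscape(form.username)#)"
            maxrows="1"
            server="#variables.ldapServer#"
            username="#variables.logindomain#\#form.username#"
            password="#form.password#">
        <!--- Authenticated only if the bind worked AND the user's entry was found --->
        <cfif auth.recordCount EQ 1>
            <cfset variables.isAuthenticated = true>
            <cfset variables.userCn = auth.cn>
            <!--- Multi-valued memberOf comes back as one delimited string --->
            <cfset variables.userGroups = auth.memberOf>
        </cfif>
        <cfcatch type="any">
            <cfset variables.isAuthenticated = false>
        </cfcatch>
    </cftry>
</cfif>
<cfoutput>
<cfif variables.isAuthenticated>
    <p>You are authenticated: #encodeForHTML(variables.userCn)#</p>
</cfif>
</cfoutput>
```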
@Vintic

Vintic commented Aug 5, 2019

Hi, how to get groups? Like it is done with: <cfntauthenticate listgroups="true"

OK, I found it. In attributes, specify only "givenName, memberOf".

@dmarinello

I'm using Lucee version 5.2.9.31 with the above code and modifications to my server ip address, dcstart and username and password.

I get the following error: Lucee 5.2.9.31 Error (javax.naming.CommunicationException).

I've tried using the domain\username and AD distinguishing name format for the username.

Any ideas how to correct my connection issue?

Dale

@Kevinsky86

Kevinsky86 commented Mar 11, 2020

I've found that this script works as is on a Windows-based ColdFusion box against a Zentyal DC.
CentOS Lucee seems to want a filter attribute in cfldap as well. "cn=" in my case for same Zentyal DC.

Script works on both platforms with filter attribute.

@Makks-Tech

Works great to authenticate the user.
How can I use this to get the cn?
I would like it to say "You are authenticated 'CN'"
