Created
March 10, 2012 18:22
cfldap and user authentication on Active Directory
<!--- Keep these in the variables scope so request parameters cannot supply them. --->
<cfset variables.isAuthenticated = "false">
<cfparam name="variables.logindomain" default="domain">
<cfparam name="variables.ldapServer" default="192.168.1.1">
<cfparam name="variables.dcStart" default="DC=domain,DC=co,DC=uk">
<!--- Skip the bind unless both fields are non-empty, so an empty password is never sent to the directory. --->
<cfif IsDefined("form.username") AND form.username is not "" AND IsDefined("form.password") AND form.password is not "">
    <cftry>
        <!--- The bind is the credential check: cfldap throws if the directory rejects it.
              This connects without TLS; cfldap's secure and port attributes enable LDAPS. --->
        <cfldap action="QUERY"
            name="auth"
            attributes="samAccountName"
            start="#variables.dcStart#"
            scope="SUBTREE"
            maxrows="1"
            server="#variables.ldapServer#"
            username="#variables.logindomain#\#form.username#"
            password="#form.password#">
        <cfset variables.isAuthenticated = "true">
        <cfcatch type="ANY">
            <cfset variables.isAuthenticated = "no">
        </cfcatch>
    </cftry>
</cfif>
<cfoutput>
<cfif variables.isAuthenticated>
    <p>You are authenticated: #variables.isAuthenticated#
<cfelse>
    <p>Get out foul beast!
</cfif>
<form action="#cgi.script_name#" method="POST">
    <p>Enter your login and pwd to see if you authenticate
    <!--- Encode the echoed username; the password is never written back into the page. --->
    <p>Username #variables.logindomain#\<input type="Text" name="username" <cfif (IsDefined("form.username") AND form.username is not "")>value="#encodeForHTMLAttribute(form.username)#"</cfif>>
    <br>password<input type="password" name="password">
    <br><input type="Submit" value="Login" name="">
</form>
</cfoutput>
I'm using Lucee version 5.2.9.31 with the above code and modifications to my server IP address, dcstart, and username and password.
I get the following error: Lucee 5.2.9.31 Error (javax.naming.CommunicationException).
I've tried using the domain\username and AD distinguishing name format for the username.
Any ideas how to correct my connection issue?
Dale
I've found that this script works as is on a Windows-based ColdFusion box against a Zentyal DC.
CentOS Lucee seems to want a filter attribute in cfldap as well. "cn=" in my case for same Zentyal DC.
Script works on both platforms with filter attribute.
Works great to authenticate the user.
How can I use this to get the cn?
I would like it to say "You are authenticated 'CN'"
Hi, how to get groups? Like it is done with:
<cfntauthenticate listgroups="true"
OK, I found it: in attributes, specify only "givenName, memberOf".
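Pulling the comment thread together (a filter for Lucee, returning the cn, listing groups), the following is an added example, not code from the gist or from any commenter. The server name, domain, base DN and the username allowlist are assumptions, and it assumes the directory offers LDAPS on port 636 with a certificate the JVM trusts.

```cfml
<!--- Constructed placeholders; not values from the gist. --->
<cfset variables.ldapServer = "dc.example.test">
<cfset variables.loginDomain = "EXAMPLE">
<cfset variables.dcStart = "DC=example,DC=test">
<cfset variables.isAuthenticated = false>
<cfset variables.userCn = "">
<cfset variables.userGroups = []>
<!--- Assumed allowlist: only names matching it reach the bind name and the filter. --->
<cfif structKeyExists(form, "username") AND structKeyExists(form, "password")
      AND len(form.password) AND reFind("^[A-Za-z0-9._-]{1,20}$", form.username)>
    <cftry>
        <!--- Bind as the user over LDAPS and read back only that user's own entry.
              memberOf values are DNs containing commas, so use a non-comma separator. --->
        <cfldap action="QUERY"
            name="auth"
            server="#variables.ldapServer#"
            port="636"
            secure="CFSSL_BASIC"
            username="#variables.loginDomain#\#form.username#"
            password="#form.password#"
            start="#variables.dcStart#"
            scope="SUBTREE"
            filter="(sAMAccountName=#form.username#)"
            attributes="cn,memberOf"
            separator="|"
            maxrows="1">
        <!--- A bind that succeeds but matches no entry is not treated as a login. --->
        <cfif auth.recordCount EQ 1>
            <cfset variables.isAuthenticated = true>
            <cfset variables.userCn = auth.cn>
            <cfset variables.userGroups = listToArray(auth.memberOf, "|")>
        </cfif>
        <cfcatch type="any">
            <cfset variables.isAuthenticated = false>
        </cfcatch>
    </cftry>
</cfif>
<cfoutput>
<cfif variables.isAuthenticated>
    <p>You are authenticated: #encodeForHTML(variables.userCn)#</p>
    <ul>
    <cfloop array="#variables.userGroups#" index="groupDn">
        <li>#encodeForHTML(groupDn)#</li>
    </cfloop>
    </ul>
<cfelse>
    <p>Not authenticated.</p>
</cfif>
</cfoutput>
```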