jj2

Reputation: 956

Connect to LDAP via ColdFusion

I am trying to get the following connection to our LDAP working via ColdFusion; however, I can never get it to return any values (i.e. results.recordcount always equals 0). I assume my problem is with the "start" portion of the query, so I did some research and have tried numerous values, but nothing seems to work.

<cfldap 
  server = "adserver" 
  action = "query" 
  username = "DOMAIN\username" 
  password = "apassword" 
  name = "results" 
  scope="subtree" 
  start = "dc=domain.local" 
  attributes = "givenname,surname,uid,userid,groupMembership,mail,dn,roles,memberof,cn,samaccountName">

<cfoutput>
  #results.recordcount#
</cfoutput>

The structure of the AD that I'm trying to access is as follows. I'm trying to get to the "Users" section at the bottom of the tree shown.

Active Directory Users and Computers
- Saved queries
- domain.local
  - option1
  - option2
  - NAME1
    - option1
    - option2
    - NAME2
      - Computers
      - Disabled Users
      - Groups
      - Users

If I right-click on "User" and view the properties it tells me the canonical name for it is domain.local/NAME1/NAME2/Users, which I assume is relevant to my problem.

Any ideas what I should be using for the "start" portion of cfldap?

Thanks in advance.

Upvotes: 0

Views: 4156

Answers (2)

Josh Siok

Reputation: 936

Try something like this. I've had the best luck starting at a high level and then using the filter attribute to drill down.

<cfldap server = "adserver" action="query" start="DC=server, DC=domain, DC=com" filter="OU=Users" 
username = "DOMAIN\username" password = "apassword" name = "results" 
scope="subtree" attributes = "givenname,surname,uid,userid,groupMembership,mail,dn,roles,memberof,cn,samaccountName">

Upvotes: 1

BKK

Reputation: 2073

I highly recommend browsing your AD with a program like Softerra's LDAP Browser (http://www.ldapbrowser.com/) and then locating the distinguished name of the hierarchy where you want to start searching. Using this, I was able to find the exact DN of the LDAP structure to target.

Upvotes: 4
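
The canonical name quoted in the question maps mechanically to a distinguished name, which is the form the cfldap start attribute expects. The following is an added example, not code from the question or from either answer. It assumes every level under the domain is an organizational unit, that the directory accepts LDAPS on port 636 with a certificate the ColdFusion JVM trusts, and the helper names canonicalToDn and requireSafeRdnValue are hypothetical.

```cfml
<cfscript>
// Added example; canonicalToDn and requireSafeRdnValue are hypothetical helpers.
// Reject characters that are special inside a DN component (RFC 4514)
// rather than passing them into the search base unescaped.
function requireSafeRdnValue(required string value) {
    if (reFind('[,+"\\<>;=]', arguments.value)) {
        throw(type = "InvalidDnComponent",
              message = "Unsupported character in name: " & arguments.value);
    }
    return arguments.value;
}

// Convert a "domain.local/NAME1/NAME2/Users" style path to a distinguished name.
// Assumption: each level below the domain is an OU. Built-in containers
// (for example the default Users folder) use CN=, so pass rdnType = "CN"
// or confirm the real DN in an LDAP browser.
function canonicalToDn(required string canonicalName, string rdnType = "OU") {
    var parts = listToArray(arguments.canonicalName, "/");
    var dn = [];
    // A DN lists the deepest container first, so walk the path backwards.
    for (var i = arrayLen(parts); i >= 2; i--) {
        arrayAppend(dn, arguments.rdnType & "=" & requireSafeRdnValue(parts[i]));
    }
    // The first element is the DNS domain: one DC= per dot-separated label.
    for (var dnsLabel in listToArray(parts[1], ".")) {
        arrayAppend(dn, "DC=" & requireSafeRdnValue(dnsLabel));
    }
    return arrayToList(dn, ",");
}

searchBase = canonicalToDn("domain.local/NAME1/NAME2/Users");
</cfscript>

<!--- Assumption: the server accepts LDAPS on 636 and its certificate is in
      the JVM trust store; secure="CFSSL_BASIC" keeps the bind password off
      the wire in clear text. --->
<cfldap
  server = "adserver"
  port = "636"
  secure = "CFSSL_BASIC"
  action = "query"
  username = "DOMAIN\username"
  password = "apassword"
  name = "results"
  scope = "subtree"
  start = "#searchBase#"
  attributes = "cn,givenName,sn,mail,sAMAccountName,memberOf">

<cfoutput>#searchBase#: #results.recordcount# entries</cfoutput>
```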
