Ryan Rucker

Reputation: 21

How to Search from the root of Active Directory in Coldfusion

I'm attempting to use the Coldfusion Login Wizard to query Active Directory, however I'm having a problem with the directory structure. Essentially, I need to query from multiple nested OUs that are under the same root OU. So for instance, the OU "Admin" and "Staff" are children of the OU "School Users". I'm able to use the following code to successfully query each sub OU individually, but I can't query the root (School Users) OU.

<!--- This is the include file that sets the attributes and collects the username and password passed by the user --->
<cfset args.authtype = "LDAP">
<cfset args.server = "ads.schoolname.org">
<cfset args.port = "389">
<cfset args.start = "dc=schoolname, dc=org">
<cfset args.suser = "usr">
<cfset args.spwd = "password">
<cfset args.queryString = "cn={username},OU=ADMIN,OU=SCHOOL USERS,DC=SCHOOLNAME,DC=ORG">

<!--- The following is a snippet of the authenticate file that takes the above info and attempts to query and authenticate the user --->

<cffunction name="ldapauth" access="private" output="true" returntype="struct" hint="Authenticate against a LDAP server.">
    <cfargument name="lServer" required="true" hint="The LDAP server.">
    <cfargument name="lPort" hint="The port the LDAP server is running on.">
    <cfargument name="sUsername" required="true" hint="The username that was set in the Login Wizard.">
    <cfargument name="sPassword" required="true" hint="The password that was set in the Login Wizard.">
    <cfargument name="uUsername" required="true" hint="The username that was passed in from the client.">
    <cfargument name="uPassword" required="true" hint="The password that was passed in from the client.">
    <cfargument name="sQueryString" required="true" hint="The string to be passed to the LDAP server">
    <cfargument name="lStart" required="true">

    <cfset var retargs = StructNew()>
    <!--- Build the bind DN by substituting the client's username into the DN template --->
    <cfset var username = replace(arguments.sQueryString, "{username}", arguments.uUsername)>
    <cfset retargs.authenticated = "NO">

    <!--- Bind with the service account to confirm the directory is reachable --->
    <cfldap action="QUERY"
        name="userSearch"
        attributes="dn"
        start="#arguments.lStart#"
        server="#arguments.lServer#"
        port="#arguments.lPort#"
        username="#arguments.sUsername#"
        password="#arguments.sPassword#">

    <!--- If user search failed or returns 0 rows abort (recordCount is numeric, so compare with 0) --->
    <cfif userSearch.recordCount EQ 0>
        <cfoutput>Error</cfoutput>
        <cfreturn retargs>
    </cfif>

    <!--- pass the user's DN and password to see if the user authenticates
    and get the user's roles --->
    <cfldap action="QUERY"
        name="auth"
        attributes="dn,roles"
        start="#arguments.lStart#"
        server="#arguments.lServer#"
        port="#arguments.lPort#"
        username="#username#"
        password="#arguments.uPassword#">

    <!--- If the LDAP query returned a record, the user is valid. --->
    <cfif auth.recordCount>
        <cfset retargs.authenticated = "YES">
        <!--- return role here, default role is always "user" --->
        <cfset retargs.roles = "user">
    </cfif>
    <cfreturn retargs>
</cffunction>

Thanks for the help

Upvotes: 2

Views: 246

Answers (2)

Ryan Rucker

Reputation: 21

I figured out the issue. I needed to add the scope of subtree, but also change the way the username was being authenticated from CN=something to an email address with the domain.

Upvotes: 0

Pankaj

Reputation: 1741

You can use the scope attribute of cfldap and set it to subtree: it will allow searching from the start entry and all levels below it.

Upvotes: 2
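Putting both answers together, here is an added example (not the Login Wizard's code and not from either answer) of a two-step authenticate: search the root "School Users" OU with scope="subtree" to locate the user's DN, then bind as that DN with the user's own password. The server, base DN, the svc_ldap service account, application.ldapServicePassword and the sAMAccountName attribute are assumptions.

```cfml
<!--- Added example, not the wizard's code: search the root OU with scope="subtree",
      then bind as the DN found. Server, base DN, service account and the
      sAMAccountName attribute are assumptions. --->
<cffunction name="ldapAuthSubtree" access="private" returntype="struct" output="false">
    <cfargument name="uUsername" required="true">
    <cfargument name="uPassword" required="true">
    <cfset var retargs = structNew()>
    <cfset var safeUser = arguments.uUsername>
    <cfset var userSearch = "">
    <cfset var auth = "">
    <cfset retargs.authenticated = "NO">

    <!--- An empty password makes AD treat the bind as anonymous and "succeed": reject it --->
    <cfif len(trim(arguments.uPassword)) EQ 0><cfreturn retargs></cfif>

    <!--- Escape RFC 4515 filter metacharacters so the typed name cannot rewrite the filter --->
    <cfset safeUser = replace(safeUser, "\", "\5c", "all")>
    <cfset safeUser = replace(safeUser, "*", "\2a", "all")>
    <cfset safeUser = replace(safeUser, "(", "\28", "all")>
    <cfset safeUser = replace(safeUser, ")", "\29", "all")>

    <!--- 1. Search from the root OU; subtree scope descends into ADMIN, STAFF and any deeper OU --->
    <cfldap action="query" name="userSearch"
            server="ads.schoolname.org" port="389"
            username="svc_ldap@schoolname.org" password="#application.ldapServicePassword#"
            start="OU=SCHOOL USERS,DC=SCHOOLNAME,DC=ORG" scope="subtree"
            filter="(&(objectClass=user)(sAMAccountName=#safeUser#))"
            attributes="dn" maxrows="1">
    <cfif userSearch.recordCount NEQ 1><cfreturn retargs></cfif>

    <!--- 2. Re-bind as that DN with the user's own password; invalid credentials throw --->
    <cftry>
        <cfldap action="query" name="auth"
                server="ads.schoolname.org" port="389"
                username="#userSearch.dn#" password="#arguments.uPassword#"
                start="#userSearch.dn#" scope="base"
                filter="(objectClass=*)" attributes="dn">
        <cfif auth.recordCount EQ 1>
            <cfset retargs.authenticated = "YES">
            <cfset retargs.dn = userSearch.dn>
        </cfif>
        <cfcatch type="any"></cfcatch>
    </cftry>
    <cfreturn retargs>
</cffunction>
```

Port 389 carries both the service-account and the user's password in the clear; in production use secure="CFSSL_BASIC" with port 636 so neither credential crosses the network unencrypted.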
