Reputation: 73
I'm trying to query AD for groups, etc., associated with a specified username. I have confirmed with my associates that I should have permissions to query AD. Using the following code in my ColdFusion page:
<cfldap server="my.server.com"
        action="query"
        name="results"
        attributes="dn,cn,sn,givenname,uid"
        start="CN=Users,DC=my,DC=server,DC=com"
        filter="(&(objectclass=user)(sn=*todd*))"
        scope="onelevel"
        maxrows="100">
But I'm getting the error:
"An error has occurred while trying to execute query :[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C09079A, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v23f0 ]."
Any help/direction is greatly appreciated.
Upvotes: 0
Views: 1389
Reputation: 1706
Active Directory rarely has anonymous read enabled, so you need to bind before performing any searches. I use a dedicated "system" account for this (you can use yours, but then the whole thing falls over next time you change your password). Below is what I use for a form that handles user authentication. This is LDAPS, which requires that your Java instance trusts the signer of the directory cert; it's often easier to start with clear text LDAP, get everything working, then switch over to SSL.
<!--- If the server has been defined, run the query --->
<CFIF IsDefined("form.server")>
    <!--- check to see that there is a name listed --->
    <CFIF form.name is not "">
        <!--- make the LDAP query, bound as the system account --->
        <cfldap action="QUERY"
                server="my.server.com"
                port="636"
                username="cn=YOURSYSTEMIDGOESHERE,ou=systemids,dc=my,dc=server,dc=com"
                password="YOURPASSWORDGOESHERE"
                name="getldap"
                start="CN=Users,DC=my,DC=server,DC=com"
                attributes="dn"
                scope="subtree"
                filter="(&(objectclass=user)(sAMAccountName=#form.uid#))"
                secure="CFSSL_BASIC"
                maxrows="10">
        <CFIF getldap.RecordCount GT 1>
            <!--- Too many accounts exist in LDAP, throw message to call the help desk --->
        <CFELSEIF getldap.RecordCount EQ 0>
            <!--- User does not exist in directory, fail auth --->
        <CFELSE>
            <!--- Attempt authentication by binding with the supplied credentials --->
            <cfldap action="QUERY"
                    server="my.server.com"
                    port="636"
                    username="#getldap.dn#"
                    password="#form.password#"
                    name="attemptauth"
                    secure="CFSSL_BASIC"
                    start="CN=Users,DC=my,DC=server,DC=com"
                    attributes="dn">
            <!--- Do something here to catch errors; on return code 0, auth is successful --->
            <!--- Error code 19 (hex 0x13) is a locked out account: fail auth --->
            <!--- Error code 49 (hex 0x31) is an invalid password error: fail auth --->
            <!--- Other errors are system-type problems; throw a "try again / call help desk" type error --->
        </CFIF>
    </CFIF>
</CFIF>
Upvotes: 1
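As an added example (not part of the question or the answer above), here is the bound search with two things a practitioner would want on top of the answer's code: the user-supplied `form.uid` is escaped per RFC 4515 before it is interpolated into the filter, and the bind/search is wrapped in cftry so the LDAP result code (the `error code 1` in the question's message) can be read from the exception. The server, base DN, service account DN and the `application.ldapServicePassword` variable are placeholders/assumptions; `memberOf` is the AD attribute that holds the group membership the question asks about.

```cfml
<!--- Added example: server, base DN and service account values are placeholders --->
<cfscript>
// Escape the characters RFC 4515 forbids unescaped inside a filter value.
// Backslash goes first so the escape sequences themselves stay intact.
function ldapEscapeFilter(required string value) {
    var out = replace(arguments.value, "\", "\5c", "all");
    out = replace(out, "*", "\2a", "all");
    out = replace(out, "(", "\28", "all");
    out = replace(out, ")", "\29", "all");
    out = replace(out, chr(0), "\00", "all");
    return out;
}
// Pull the numeric result code out of a cfldap exception message such as
// "[LDAP: error code 49 - ...]"; returns -1 when no code is present.
function ldapErrorCode(required string message) {
    var m = reFind("LDAP: error code ([0-9]+)", arguments.message, 1, true);
    return (m.pos[1] gt 0) ? val(mid(arguments.message, m.pos[2], m.len[2])) : -1;
}
</cfscript>

<cfset safeUid = ldapEscapeFilter(form.uid)>
<cftry>
    <cfldap action="query"
            server="my.server.com"
            port="389"
            username="cn=SERVICE-ACCOUNT-PLACEHOLDER,ou=systemids,dc=my,dc=server,dc=com"
            password="#application.ldapServicePassword#"
            name="results"
            start="CN=Users,DC=my,DC=server,DC=com"
            scope="subtree"
            attributes="dn,cn,sn,givenname,memberOf"
            filter="(&(objectClass=user)(sAMAccountName=#safeUid#))"
            maxrows="10">
    <cfcatch type="any">
        <!--- 1 = bind required (the question's error), 49 = invalid credentials --->
        <cfset code = ldapErrorCode(cfcatch.message)>
        <cfif code eq 1 or code eq 49>
            <cfthrow message="Directory bind failed; check the service account credentials.">
        <cfelse>
            <cfrethrow>
        </cfif>
    </cfcatch>
</cftry>
```

Once the query succeeds, `results.memberOf` holds the group DNs for the matched user; keeping the service account password in a server-side scope rather than the page keeps it out of source control and out of error output.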