lpmartineau
Technical User
Hello everyone,
I am trying to authenticate a user against LDAP (Unix and AD) and I have a strange problem.
I tried both the AD LDAP server of my company as well as the Unix LDAP.
My account works just fine; my password is along the lines of $Word3534.
When I was using only AD LDAP, a user had a password with a : in it, Word3534) and the page gave a nice error message; by changing to Unix LDAP this is fixed. Now, though, my test user has a password of Word:3534 and we get Inappropriate authentication. Now, I know the password works, as I tested it on several systems.
Any ideas why this is happening?
Here is the code in my application.cfm:
Code:
<CFAPPLICATION name="Secureapp" Sessionmanagement="Yes" LoginStorage=Session sessiontimeout="#createtimespan(30, 0, 15, 0)#">
<!---#### Code within the CFLOGIN container runs for every request until the user is logged in with <CFLOGINUSER>. ####--->
<cflogin idletimeout = "1080">
    <!---#### Check for the existence of the CFLOGIN scope. Only exists if you use j_username and j_password form fields, HTTP Basic Authentication, Flash Remoting, or Integrated/Digest authentication. ####--->
    <cfif isDefined('cflogin')>
        <!---#### Ensure the CFLOGIN variables are not empty. Your form should perform this validation by default. ####--->
        <!--- "and", not "or": both fields must be non-empty, otherwise a blank password reaches the LDAP bind. --->
        <cfif len(trim(cflogin.name)) and len(trim(cflogin.password))>
            <!---#### Authenticate to the LDAP and retrieve necessary attributes. ####--->
            <cfset ldap_name = LCase(trim(cflogin.name))>
            <cfset ldap_pwd = trim(cflogin.password)>
            <cfset ldap_uname = "uid="&#cflogin.name#&",ou=people,o=company.com">
            <cfldap action="QUERY"
                name="authentication"
                attributes="uid,employeeType"
                start="ou=people,o=company.com"
                scope="SUBTREE"
                filter="uid=#ldap_name#"
                server="dir.company.com"
                port="389"
                username="#ldap_uname#"
                password="#ldap_pwd#">
            <cfif authentication.recordCount>
                <!--- "&" so the entry must be a User and match the cn; with "|" every User object matched and maxrows="1" returned an arbitrary one. --->
                <cfldap action="query"
                    name="GetGroups"
                    start="dc=company,dc=com"
                    Scope="subtree"
                    maxrows="1"
                    attributes="cn,sn,displayName,Group-Attributes,employeeType,givenname,Title,l,memberOf,department"
                    filter="(&(objectclass=User)(cn=#cflogin.name#))"
                    server="AD.company.com"
                    Port="389"
                    username="cn=genericaccount,dc=company,dc=com"
                    password="password"
                    separator=";">
                <cfset myroles="default">
                <cfloop index="x" list="#GetGroups.memberOf#" delimiters=";">
                    <cfset myroles = listappend(myroles, ListFirst(x, ','),',')>
                    <!---<cfset writeoutput(ListFirst(x, ','))>--->
                </cfloop>
                <cfif GetGroups.recordCount>
                    <!---#### LDAP authentication successful; Login using cfloginuser and the appropriate roles. ####--->
                    <cfloginuser name="#cflogin.name#" password="#cflogin.password#" roles="#myroles#" />
                    <cfset SESSION.auth.firstName = GetGroups.givenname>
                    <cfset SESSION.auth.lastName = GetGroups.sn>
                    <cfset SESSION.auth.cn = GetGroups.cn>
                    <cfset SESSION.auth.type = GetGroups.employeeType>
                <cfelse>
                    <!---#### Validation Failed ####--->
                </cfif>
            </cfif>
        <!--- This branch now pairs with the empty-field check above, as its comment describes. --->
        <cfelse>
            <!---#### CFLOGIN variables are empty. Either throw an error or return to login. ####--->
            Error!
        </cfif>
    </cfif>
</cflogin>
Thank you.
Have a great day.
Luc
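Added example, not part of the original post and not the poster's code: the bind step from the application.cfm above, with the login name escaped before it is placed in the search filter and the bind DN, a blank password refused before any bind, and a rejected bind caught instead of surfacing as a page error. The function names ldapEscapeFilter and ldapEscapeDnValue and the variable bindOk are assumptions made here; the server name and DNs are the ones in the post, and the fragment is meant to run inside the cflogin block.

```cfml
<!--- Added example; helper names are hypothetical, not from the post. --->
<cfscript>
// Escape a value placed inside an LDAP search filter (RFC 4515 metacharacters \ * ( )).
function ldapEscapeFilter(value) {
    var out = replace(value, "\", "\5c", "all"); // backslash first
    out = replace(out, "*", "\2a", "all");
    out = replace(out, "(", "\28", "all");
    out = replace(out, ")", "\29", "all");
    return out;
}
// Escape an attribute value placed inside a distinguished name (RFC 4514).
function ldapEscapeDnValue(value) {
    var specials = ',+"<>;=';
    var i = 0;
    var c = "";
    var out = replace(value, "\", "\\", "all"); // backslash first
    for (i = 1; i lte len(specials); i = i + 1) {
        c = mid(specials, i, 1);
        out = replace(out, c, "\" & c, "all");
    }
    // Escape a trailing space, then a leading space or hash sign.
    if (len(out) and right(out, 1) eq " ") out = removeChars(out, len(out), 1) & "\ ";
    if (len(out) and (left(out, 1) eq " " or left(out, 1) eq "##")) out = "\" & out;
    return out;
}
</cfscript>

<cfset bindOk = false>
<cfset uid = lcase(trim(cflogin.name))>
<!--- A DN with an empty password is an unauthenticated bind (RFC 4513), so refuse it here. --->
<cfif len(uid) and len(cflogin.password)>
    <cftry>
        <cfldap action="QUERY" name="authentication" attributes="uid,employeeType"
            start="ou=people,o=company.com" scope="SUBTREE"
            filter="(uid=#ldapEscapeFilter(uid)#)"
            server="dir.company.com" port="389"
            username="uid=#ldapEscapeDnValue(uid)#,ou=people,o=company.com"
            password="#cflogin.password#">
        <!--- Exactly one entry must match the login name. --->
        <cfset bindOk = (authentication.recordCount eq 1)>
        <cfcatch type="any">
            <!--- cfldap throws when the server rejects the bind; treat it as a failed login. --->
            <cfset bindOk = false>
        </cfcatch>
    </cftry>
</cfif>
```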