From: billdimit on 17 Dec 2008 23:55

Hi,
I need to convert all CF LDAP validation pages in my apps (OpenLDAP) to the new AD server validations. No luck so far.

I cannot make an anonymous bind to AD using LDAP so I do need to bind to AD prior to authenticating user. I've got a username/password account created for it. I have also been told by System Admin that maybe I would need to use the AD userPrincipal

The LDAP code that works with the OpenLDAP:

<CFLDAP
SERVER="ldap.test.com.au"
PORT="389"
USERNAME="uid=#form.username#,ou=people,ou=staff,o=test.com.au"
PASSWORD="#form.password#"
ACTION="QUERY"
NAME="GetLDAPResults"
ATTRIBUTES="dn,ou,o,uid,cn,sn,title,mail,l,telephonenumber,roomnumber"
FILTER="uid=#form.username#"
START="ou=people,ou=staff,o=test.com.au">

I have tried this code with AD without any success:

<CFLDAP
SERVER="ad.test.com.au"
port="389"
scope="subtree"
USERNAME="#form.username#,OU=staff,DC=test,DC=com,DC=au"
PASSWORD="#form.username#"
ACTION="QUERY"
NAME="GetLDAPResults"
ATTRIBUTES="cn,mail"
filter="(#form.username#)"
START="OU=staff,DC=test,DC=com,DC=au">

The error message is:
Authentication failed:[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]

The binding is the problem. How do I bind to AD?

Thanks,
b.

From: billdimit on 21 Dec 2008 19:49

Anyone?
b.

From: Ian Skinner on 22 Dec 2008 10:05

billdimit wrote:
> Hi,
> I need to convert all CF LDAP validation pages in my apps (OpenLDAP) to the
> new AD server validations. No luck so far.
>
> I cannot make an anonymous bind to AD using LDAP so I do need to bind to AD
> prior to authenticating user. I've got a username/password account created for
> it. I have also been told by System Admin that maybe I would need to use the AD
> userPrincipal
>
> The LDAP code that works with the OpenLDAP:
>
> <CFLDAP
> SERVER="ldap.test.com.au"
> PORT="389"
> USERNAME="uid=#form.username#,ou=people,ou=staff,o=test.com.au"
> PASSWORD="#form.password#"
> ACTION="QUERY"
> NAME="GetLDAPResults"
> ATTRIBUTES="dn,ou,o,uid,cn,sn,title,mail,l,telephonenumber,roomnumber"
> FILTER="uid=#form.username#"
> START="ou=people,ou=staff,o=test.com.au">
>
> I have tried this code with AD without any success:
>
> <CFLDAP
> SERVER="ad.test.com.au"
> port="389"
> scope="subtree"
> USERNAME="#form.username#,OU=staff,DC=test,DC=com,DC=au"
> PASSWORD="#form.username#"
> ACTION="QUERY"
> NAME="GetLDAPResults"
> ATTRIBUTES="cn,mail"
> filter="(#form.username#)"
> START="OU=staff,DC=test,DC=com,DC=au">
>
> The error message is:
> Authentication failed:[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334,
> comment: AcceptSecurityContext error, data 525, vece ]
>
> The binding is the problem. How do I bind to AD?
>
> Thanks,
> b.

All I can tell you is that I don't do anything special with my <cfldap...> tag to connect to Active Directory. A couple of possible things to look at.

scope="subtree": Active Directory can be very picky about permissions and if the account you are using in username and password for *EVERY* branch and leaf of the entire subtree below your starting point you will get this error. Try being more specific in your Start and|or only pick the current branch until you have isolated what is causing the problem.

USERNAME="#form.username#,OU=staff,DC=test,DC=com,DC=au": That is not the way my username field looks for accessing our active directory. For us it goes username="windowsDomain\ADUserName".

From: billdimit on 23 Dec 2008 18:40

Hi,
I've tried everything and it still doesn't work. Anyway, it is time for a break.
Thanks for your help. Merry Xmas and Happy New Year.
b.
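
An added example, not code from any poster in this thread: the two-step flow the question describes (bind as the dedicated account, locate the user, then bind as that user), with the service bind written in the `windowsDomain\ADUserName` form from the reply. The domain name `TEST`, the account `svc_ldap_reader`, `application.ldapSvcPassword`, the username allow-list, and LDAPS on port 636 (with the DC certificate trusted by the ColdFusion JVM) are assumptions.

```cfml
<!--- Constructed example. svcUser, svcPassword and the TEST domain are hypothetical. --->
<cfset svcUser = "TEST\svc_ldap_reader">
<cfset svcPassword = application.ldapSvcPassword>
<cfset authenticated = false>

<!--- Reject empty passwords: a simple bind with a name and no password is an
      unauthenticated bind and can succeed without proving identity.
      The allow-list (an assumed policy) keeps filter metacharacters such as
      * ( ) \ out of the LDAP filter built from form input. --->
<cfif len(form.password) and reFind("^[A-Za-z0-9._-]{1,64}$", form.username)>
  <cftry>
    <!--- Step 1: bind as the service account and look up the user's entry. --->
    <cfldap server="ad.test.com.au" port="636" secure="CFSSL_BASIC"
            username="#svcUser#" password="#svcPassword#"
            action="query" name="FindUser" scope="subtree"
            attributes="dn,cn,mail"
            filter="(&(objectClass=user)(sAMAccountName=#form.username#))"
            start="OU=staff,DC=test,DC=com,DC=au">

    <!--- Exactly one match is required; zero or several means no login. --->
    <cfif FindUser.recordCount eq 1>
      <!--- Step 2: bind as that user's DN with the submitted password.
            A wrong password raises LDAP error 49 and is caught below. --->
      <cfldap server="ad.test.com.au" port="636" secure="CFSSL_BASIC"
              username="#FindUser.dn#" password="#form.password#"
              action="query" name="GetLDAPResults" scope="base"
              attributes="cn,mail"
              filter="(objectClass=*)"
              start="#FindUser.dn#">
      <cfset authenticated = true>
    </cfif>

    <cfcatch type="any">
      <!--- Bind or search failure: treat as not authenticated and show the
            user one generic message for every failure reason. --->
      <cfset authenticated = false>
    </cfcatch>
  </cftry>
</cfif>
```

In the AD error text, the value after `data` is the Windows sub-status in hex; `525` means the bind name did not resolve to a user, while `52e` means the name resolved but the credentials were wrong.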