Table of Contents
Advertisement
Reviewing the code
The following table describes the code and its function. Comments and some tab characters have
been removed for brevity.
Code
<cflogin>
<cfif isDefined("cflogin")>
<cfset LDAP_root = "o=mycompany.com">
<cfset LDAP_server ="ldap.mycompany.com">
<cfset LDAP_port="389">
<cfset userfilter = "(&(objectclass=*)
(uid=#cflogin.name#))">
<cfset LDAP_username = "cn=Directory
Manager">
<cfset LDAP_password = "password">
<cftry>
<cfldap action="QUERY"
name="userSearch"
attributes="dn"
start="#LDAP_root#"
scope="SUBTREE"
server="#LDAP_server#"
port="#LDAP_port#"
filter="#userfilter#"
username="#LDAP_username#"
password="#LDAP_password#"
>
<cfcatch type="Any">
<cfset UserSearchFailed = true>
</cfcatch>
</cftry>
<cfif NOT userSearch.recordcount OR
isDefined("UserSearchFailed")>
<cfoutput>
<script> alert("UID for #cflogin.name#
not found"); </script>
</cfoutput>
<cfabort>
</cfif>
<cftry>
<cfldap
action="QUERY"
name="auth"
attributes="cn"
start="ou=Product Support,dc=Allaire,
dc=com"
scope="SUBTREE"
server="#LDAP_server#"
port="#LDAP_port#"
filter="(&(objectClass=groupOfUniqueNames)
(uniquemember=#userSearch.dn#))"
username="#userSearch.dn#"
password="#cflogin.password#"
>
368
Chapter 16: Securing Applications
Description
Starts the
cflogin
tag body. Sets several of
the values used as attributes in the
tags as variables. This ensures that the same
value is used in both tags, and makes it easier
to change the settings if needed.
Sets the filter used to search the directory to
include the login name.
Sets the directory manager's user name and
password for the first query.
In a
cftry
block, uses the directory manager's
identity to get the distinguished name (dn) for
the user. If the user ID is not in the directory,
returns an empty record set.
Catches any exception. Sets a
UserSearchFailed flag to True.
Ends the
block.
cftry
If the LDAP lookup did not return any results,
or the UserSearchFailed flag is True, displays
an error message and ends processing of the
page. Uses the JavaScript
display the message in a dialog box.
In a
block, uses the distinguished name
cftry
from the previous query in the
attribute and the user-supplied password in
the
attribute to access the directory.
password
Uses the distinguished name from the
previous query in the
filter
the user's roles.
If either the dn or password is invalid, the
tag throws an error, which is caught in
cfldap
the
block.
cfcatch
cfldap
function to
alert
username
attribute to get
Advertisement
Table of Contents
Troubleshooting
Related Manuals for MACROMEDIA COLDFUSION MX 61-DEVELOPING COLDFUSION MX
Related Products for MACROMEDIA COLDFUSION MX 61-DEVELOPING COLDFUSION MX
- MACROMEDIA COLDFUSION MX 61-CFML
- MACROMEDIA COLDFUSION MX 61-GETTING STARTED BUILDING COLDFUSION MX
- MACROMEDIA COLDFUSION MX 61 - INSTALLING COLDFUSION MX FOR IBM WEBSPHERE APPLICATION SERVER
- MACROMEDIA COLDFUSION MX 61 - CONFIGURING AND ADMINISTERING COLDFUSION MX
- MACROMEDIA COLDFUSION MX 7.0.2-USING COLDFUSION MX WITH FLEX 2
- MACROMEDIA 38000382 - Macromedia JRun - Mac
- MACROMEDIA 38028779 - Macromedia Dreamweaver - Mac
- MACROMEDIA BREEZE
Need help?
Do you have a question about the COLDFUSION MX 61-DEVELOPING COLDFUSION MX and is the answer not in the manual?
Questions and answers