Adobe 38043740 - ColdFusion Standard - Mac Development Manual page 367

DEVELOPING COLDFUSION 9 APPLICATIONS
Developing CFML Applications
Using an LDAP directory for security information
LDAP directories are often used to store security information. The following example of a
LDAP directory to authenticate the user and retrieve the user's roles.
For more information on using LDAP directories with ColdFusion, see
<cfapplication name="Orders" sessionmanagement="Yes" loginstorage="Session">
<cflogin>
<cfif isDefined("cflogin")>
<!--- setting basic attributes --->
<cfset LDAP_root = "o=mycompany.com">
<cfset LDAP_server = "ldap.mycompany.com">
<cfset LDAP_port = "389">
<!--- Create the prefix and suffix parts of the user's DN. --->
<cfset userPrefix = "cn=">
<cfset userSuffix = ",ou=Users,o=mycompany.com">
<!--- Concatenate the user's DN and use it to authenticate. --->
<cfset LDAP_username = userPrefix&cflogin.name&userSuffix>
<!--- This filter will look for groups for containing the user's ID. --->
<cfset userfilter =
"(&(objectClass=groupOfUniqueNames)(uniqueMember=#LDAP_username#))">
<!--- Search for groups containing the user's dn.
The groups represent the user's roles.
NOTE: Your LDAP permissions must allow authenticated users to search.
groups. --->
<cftry>
<cfldap action="QUERY"
name="auth"
attributes="cn"
referral="yes"
start="#LDAP_root#"
scope="SUBTREE"
server="#LDAP_server#"
port="#LDAP_port#"
filter="#userfilter#"
username="#LDAP_username#"
password="#cflogin.password#"
>
<cfcatch type="any">
<cfif FindNoCase("Invalid credentials", cfcatch.detail)>
<cfoutput>
<script>alert("User ID or Password invalid for user:
Last updated 1/20/2012
cflogin
"Managing LDAP Directories" on page 449.
362
tag checks an