I am trying to use the ColdFusion Login Wizard to query Active Directory, but I am running into a directory structure problem. Essentially, I need to query multiple nested OUs under the same root OU. So, for example, the OUs "Admin" and "Staff" are children of the OU "School Users". I can successfully query each child OU individually with the following code, but I cannot query the root (School Users) OU.
<!--- This is the include file that sets the attributes and collects the username and password passed by the user --->
<cfset args.authtype = "LDAP">
<cfset args.server = "ads.schoolname.org">
<cfset args.port = "389">
<cfset args.start = "dc=schoolname, dc=org">
<cfset args.suser = "usr">
<cfset args.spwd = "password">
<cfset args.queryString = "cn={username},OU=ADMIN,OU=SCHOOL USERS,DC=SCHOOLNAME,DC=ORG">
<!--- The following is a snippet of the authenticate file that takes the above info and attempts to query and authenticate the user --->
<cffunction name="ldapauth" access="private" output="true" returntype="struct" hint="Authenticate against a LDAP server." >
<cfargument name="lServer" required="true" hint="The LDAP server.">
<cfargument name="lPort" hint="The port the LDAP server is running on.">
<cfargument name="sUsername" required="true" hint="The username that was set in the Login Wizard.">
<cfargument name="sPassword" required="true" hint="The password that was set in the Login Wizard.">
<cfargument name="uUsername" required="true" hint="The username that was passed in from the client.">
<cfargument name="uPassword" required="true" hint="The password that was passed in from the client.">
<cfargument name="sQueryString" required="true" hint="The string to be passed to the LDAP server">
<cfargument name="lStart" required="true">
<cfset var retargs = StructNew()>
<cfset var username = replace(sQueryString,"{username}",uUserName)>
<cfldap action="QUERY"
name="userSearch"
attributes="dn"
start="#arguments.lStart#"
server="#arguments.lServer#"
port="#arguments.lPort#"
username="#arguments.sUsername#"
password="#arguments.sPassword#" >
<!--- If the user search failed or returned 0 rows, abort (recordCount is numeric, so compare with 0) --->
<cfif userSearch.recordCount EQ 0>
<cfoutput>Error</cfoutput>
<cfabort>
</cfif>
<!--- pass the user's DN and password to see if the user authenticates
and get the user's roles --->
<cfldap
action="QUERY"
name="auth"
attributes="dn,roles"
start="#arguments.lStart#"
server="#arguments.lServer#"
port="#arguments.lPort#"
username="#username#"
password="#arguments.uPassword#" >
<!--- If the LDAP query returned a record, the user is valid. --->
<cfif auth.recordCount>
<cfset retargs.authenticated="YES">
<!--- return role here, default role is always "user" --->
<cfset retargs.roles = "user">
</cfif>
<cfreturn retargs>
</cffunction>
Thanks for your help.
Answer 0 (score: 2)
You can use the scope attribute of cfldap and set it to subtree: it will allow searching from the start entry and all levels below it.
Answer 1 (score: 0)
I figured this out. I needed to add scope subtree, but also change the way the username is identified, from CN=somewhere to the domain email address.
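The following is an added example (not code from the question, the answers, or the ColdFusion Login Wizard) that puts both answers together: the service-account search uses scope="subtree" from the root OU so users in ADMIN, STAFF or any deeper OU are found, and the user is then bound with the DN the search returned instead of a hand-built CN= string. It also escapes the user-supplied name before it goes into the LDAP filter and refuses empty passwords (an empty password turns a simple bind into an anonymous one). The service account name, the sAMAccountName attribute and the OU path are assumptions.

```cfml
<!--- Added example, not code from the question or the answers. The service account name,
      the attribute sAMAccountName and the OU path are assumptions. --->
<cffunction name="ldapFilterEscape" access="private" returntype="string" output="false"
            hint="Escape RFC 4515 filter metacharacters so user input cannot change the filter.">
    <cfargument name="value" type="string" required="true">
    <cfset var out = Replace(arguments.value, "\", "\5c", "all")>
    <cfset out = Replace(out, "*", "\2a", "all")>
    <cfset out = Replace(out, "(", "\28", "all")>
    <cfset out = Replace(out, ")", "\29", "all")>
    <cfreturn Replace(out, Chr(0), "\00", "all")>
</cffunction>

<cffunction name="ldapAuthSubtree" access="private" returntype="struct" output="false"
            hint="Find the user anywhere under the root OU, then bind as the user's own DN.">
    <cfargument name="uUsername" type="string" required="true">
    <cfargument name="uPassword" type="string" required="true">
    <cfset var retargs = { authenticated = "NO", roles = "" }>
    <cfset var userSearch = "">
    <cfset var auth = "">
    <!--- An empty password would be an anonymous bind, which AD may accept: reject it up front --->
    <cfif NOT Len(arguments.uPassword)><cfreturn retargs></cfif>

    <!--- Step 1: a read-only service account searches the whole subtree below SCHOOL USERS --->
    <cfldap action="QUERY" name="userSearch" attributes="dn"
            scope="subtree"
            filter="(&(objectClass=user)(sAMAccountName=#ldapFilterEscape(arguments.uUsername)#))"
            start="OU=SCHOOL USERS,DC=SCHOOLNAME,DC=ORG"
            server="ads.schoolname.org" port="389"
            username="svc-ldap-readonly@schoolname.org" password="service-password">
    <!--- Exactly one match is required: zero means unknown user, more than one is ambiguous --->
    <cfif userSearch.recordCount NEQ 1><cfreturn retargs></cfif>

    <!--- Step 2: bind with the DN just found and the password the user typed --->
    <cftry>
        <cfldap action="QUERY" name="auth" attributes="dn"
                scope="base" filter="(objectClass=*)"
                start="#userSearch.dn#"
                server="ads.schoolname.org" port="389"
                username="#userSearch.dn#" password="#arguments.uPassword#">
        <cfset retargs.authenticated = "YES">
        <cfset retargs.roles = "user">
        <cfcatch type="any">
            <!--- bind rejected (wrong password, disabled account): authenticated stays NO --->
        </cfcatch>
    </cftry>
    <cfreturn retargs>
</cffunction>
```

Port 389 is kept from the question; on a real deployment the same two queries should run over LDAPS (secure="CFSSL_BASIC" with port 636) so the service-account and user passwords are not sent in clear text.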