Using CFLDAP to Query Active Directory

The CFLDAP tag gives you the ability to query Active Directory and pull information out of (or insert information into) AD. One place it has been useful in our organization is for creating an online directory and keeping it up to date. It can also be used to check an account against Active Directory for authorization. Here’s how it works:

To query Active Directory based on a person’s username, use the following:

First build a form, call it login.cfm, and add two fields:
one textbox called username and the other called password.
Add a submit button and pass the form data to a page called adquery.cfm.

Here’s the code for the adquery.cfm page. Put this right at the top of the page:

<cfldap action="query"
           server="servername.domain.net"
           name="Results"
           start="DC=domain,DC=net"
           filter="(&(objectclass=user)(SamAccountName=#form.username#))"
           username="domainname\#form.username#"
           password="#form.password#"
           attributes = "cn,o,l,st,sn,c,mail,telephonenumber, givenname,homephone, streetaddress, postalcode, SamAccountname, physicalDeliveryOfficeName, department">

Action: what you want to do (here, query).
Server: your server.
Name: the name of your query.
Start: where your query should start. If you have a large AD, you can search a particular OU by adding an OU= in front of the DC part.
Filter: filters out computer accounts by setting it to Objectclass=user. The SamAccountName part says to retrieve only records whose username is what was entered on the form before this page.
Username: the username to validate against the server with. In this case, I am using the info from the form. You can fill this in statically with an account that is used just for this purpose.
Password: the account password.
Attributes: the fields you want to pull from Active Directory. Most of them are pretty self-explanatory.

Then just use the fields on the page as you would use the results of any other database query.
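Two things in the query above deserve a check before the tag runs: the form value is dropped straight into the search filter, and the bind uses whatever password the form supplied. The following is an added example, not code from the tutorial, written in Python rather than CFML so it runs without a ColdFusion server. It shows the input checks a login page should do first: refuse usernames outside a conservative allowlist (the pattern is an assumption of this example, stricter than AD's own sAMAccountName rules), refuse a blank password (an LDAP simple bind with a name and an empty password is an anonymous bind, not a failed logon), and escape the filter value per RFC 4515 for the general case where a searched value cannot be allowlisted, such as a mail address. The attribute names come from the tutorial's own attribute list.

```python
import re

# RFC 4515 escapes for the characters that have special meaning inside an
# LDAP search filter. Backslash is handled first so that the escape
# sequences produced for the other characters are not escaped twice.
_FILTER_ESCAPES = (
    ("\\", "\\5c"),
    ("*", "\\2a"),
    ("(", "\\28"),
    (")", "\\29"),
    ("\x00", "\\00"),
)

# Conservative allowlist for the logon name typed into login.cfm.
# Assumption of this example: stricter than what AD permits in
# sAMAccountName; widen it to match your own naming policy.
_SAM_ACCOUNT_RE = re.compile(r"^[A-Za-z0-9._-]{1,20}$")

# Attributes from the tutorial's list that a page may search on.
_SEARCHABLE = {"sAMAccountName", "mail", "cn", "sn", "givenName"}


def escape_filter_value(value: str) -> str:
    """Escape one value so the filter matches it literally."""
    for raw, escaped in _FILTER_ESCAPES:
        value = value.replace(raw, escaped)
    return value


def check_login_input(username: str, password: str) -> tuple:
    """Validate the two form fields before any CFLDAP call is made.

    Returns (ok, reason). A blank password is refused because the server
    would treat the bind as anonymous and report success.
    """
    if not _SAM_ACCOUNT_RE.match(username):
        return False, "username contains characters outside the allowlist"
    if password == "":
        return False, "empty password would produce an anonymous bind"
    return True, "ok"


def build_user_filter(attribute: str, value: str) -> str:
    """Build the tutorial's '(&(objectClass=user)(attr=value))' filter
    with the value escaped, for any allowlisted attribute."""
    if attribute not in _SEARCHABLE:
        raise ValueError(f"attribute not searchable: {attribute}")
    return f"(&(objectClass=user)({attribute}={escape_filter_value(value)}))"


def naive_user_filter(username: str) -> str:
    """The tutorial's unescaped interpolation, kept only for comparison:
    a value containing ')' or '*' changes the structure of the filter."""
    return f"(&(objectclass=user)(SamAccountName={username}))"


if __name__ == "__main__":
    # Constructed sample input; nothing here contacts a directory server.
    for username, password in (("jdoe", "s3cret"), ("jdoe", ""), ("j*doe", "x")):
        ok, reason = check_login_input(username, password)
        print(f"{username!r}/{'<blank>' if not password else '***'}: {reason}")
        if ok:
            print("  filter:", build_user_filter("sAMAccountName", username))
    print("escaped mail search:", build_user_filter("mail", "a*b(c)@domain.net"))
```

Later ColdFusion releases (10 onward) ship EncodeForLDAP() for the escaping step, so the CFML equivalent of build_user_filter is `filter="(&(objectclass=user)(SamAccountName=#EncodeForLDAP(form.username)#))"` after the username and password have passed the checks above. Note also that the tutorial's tag binds to port 389 in the clear, so the form password crosses the network unencrypted unless CFLDAP's `secure="CFSSL_BASIC"` with `port="636"` is used.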

Now, to modify AD with CFLDAP, we change the code a little. First create a form with the fields on it that you want to modify. In this case, we’ll use mobile phone and postal code. Pass those variables to a page containing the following:

<cfldap action="modify"
           DN="#form.dn#"
           attributes="postalcode=#form.postalcode#;mobile=#form.mobile#"
           modifytype="replace"
           server="server.domain.net"
           username="username"
           password="password">

Notice we change the action to modify instead of query.

DN: the distinguished name of the object you want to modify. Look this one up on Microsoft if you have problems.
Attributes: the fields in AD we want to modify.
ModifyType: replace. We are not adding or deleting info, we are just replacing it.
Server: the server name.
Username: the username of the account you want to use to modify AD, not the account you are modifying.
Password: the password of that account.
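Because the modify page takes both the DN and the new values from the form, and because the tag binds with a fixed service account rather than the user's own credentials, the page itself has to decide whether the caller is allowed to change that object. The following is an added example, not part of the tutorial, again in Python so it runs stand-alone. It assembles the `name=value;name=value` string the tag expects for the two fields the tutorial edits, refuses values containing CFLDAP's default `;` pair delimiter or `,` multi-value separator (either would be read as a second attribute or a second value), and only permits the change when the submitted DN matches the DN stored in the session when the user logged in. The DN normalization is a simplification assumed for this example: it compares RDNs case-insensitively and does not handle escaped commas inside values.

```python
# Field names the tutorial's modify form is allowed to change.
EDITABLE_ATTRIBUTES = {"postalcode", "mobile"}

# CFLDAP's default delimiter between name=value pairs and its default
# separator between multiple values of one attribute.
PAIR_DELIMITER = ";"
VALUE_SEPARATOR = ","


def find_problems(changes: dict) -> list:
    """Return a list of reasons the submitted changes must not be sent."""
    problems = []
    for name, value in changes.items():
        if name.lower() not in EDITABLE_ATTRIBUTES:
            problems.append(f"{name}: not editable")
        if value.strip() == "":
            problems.append(f"{name}: blank")
        elif PAIR_DELIMITER in value or VALUE_SEPARATOR in value:
            problems.append(f"{name}: contains a CFLDAP delimiter")
    return problems


def build_modify_attributes(changes: dict) -> str:
    """Assemble the attributes="" string for action="modify"."""
    problems = find_problems(changes)
    if problems:
        raise ValueError("; ".join(problems))
    return PAIR_DELIMITER.join(f"{name}={value}" for name, value in changes.items())


def normalize_dn(dn: str) -> str:
    """Trim whitespace around each RDN and case-fold for comparison
    (simplification: escaped commas inside values are not handled)."""
    return ",".join(part.strip().casefold() for part in dn.split(","))


def may_modify(session_dn: str, requested_dn: str) -> bool:
    """Allow the change only when the DN the form submitted is the DN
    recorded in the session for the authenticated user."""
    return normalize_dn(session_dn) == normalize_dn(requested_dn)


if __name__ == "__main__":
    # Constructed sample values; no directory server is contacted.
    session_dn = "CN=Jane Doe,OU=Staff,DC=domain,DC=net"
    form = {
        "dn": "cn=jane doe, ou=staff, dc=domain, dc=net",
        "postalcode": "12345",
        "mobile": "555-0100",
    }
    changes = {"postalcode": form["postalcode"], "mobile": form["mobile"]}
    if not may_modify(session_dn, form["dn"]):
        print("refused: DN does not belong to the logged-in user")
    else:
        print("attributes =", build_modify_attributes(changes))
```

The session DN is obtained from the query page: the tutorial's query returns the matching user object, and its distinguishedName (add it to the attributes list) can be stored in the session at login and compared here instead of trusting `form.dn`.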

Good luck with this, guys. It can be a great tool, but it can be a pain to get working. The code has to be flawless or you’ll get an error. Look online at a few other sites if you are still having problems.

About This Tutorial
Author: Mike Daugherty
Skill Level: Advanced
Platforms Tested: CFMX
Total Views: 46,202
Submission Date: January 12, 2005
Last Update Date: June 05, 2009
All Tutorials By This Author: 3
Discuss This Tutorial
  • I am a developer and I have never before worked with Active Directory as an LDAP. My problem is that I am trying to follow the steps that you put in your tutorial and the following error appears: ------------------------------- Error Diagnostic Information CFLDAP Can't connect to the LDAP server The error occurred while processing an element with a general identifier of (CFLDAP), occupying document position (1:1) to (8:166) in the template file ...... I asked for the information about the server, but how can I check in another way that this information works on my computer and that it is not something like a firewall that is not letting me get a connection??? Thanks for the help that you can offer me. Andreina

  • To reset the password you can use the Windows command line NET command: NET USER #username# #password# /DOMAIN. Using NET you can do anything network related. NET USER /DOMAIN generates a list of the users in the domain. With this information you can match users from a database and the Active Directory, and change the password if the users change the password in the web server. NET USER #username# #password# /ADD /DOMAIN creates a user on the Active Directory, and if you replace ADD with DELETE you can delete the user. Using CFEXECUTE you can use command lines to do what you can't do with other ColdFusion tags on the server or domain.

  • ColdFusion doesn't have the ability to send the Unicode characters required by AD to reset a password (it cuts some of them off). You will have to create a Java plugin to accomplish this and also set your server up to accept SSL connections. See my article on how to do this at: http://logicdevelopment.net/help/ssl.html

  • Actually, since AD keeps passwords encrypted, I have not been able to do this. Any thoughts or ideas would be great.... --Mike

  • Can you please give us an example of how to reset an Active Directory password for a user. Thanks. Abul

  • This worked great for me. Question: are you going to do a follow-up tutorial on how to implement this as a login?
