http://livedocs.adobe.com/ Macromedia LiveDocs - online documentation with user feedback. Copyright 2009, Macromedia, Inc. 2009-11-25T19:15:09 en-us http://livedocs.adobe.com/coldfusion/7/htmldocs/00000301.htm#80569 If you are not using the listGroups attribute, leave it at its default which is "no". The user will not authenticate if the number of characters returned by listGroups is > 469. Rob_in_KC 0 0 2008-02-11T07:45:10 http://livedocs.adobe.com/coldfusion/7/htmldocs/00000301.htm#36841 Authentication via Active Directory can be achieved with CFLDAP and is quite effective.<br /><br />Integrating CFLDAP with AD: http://www.macromedia.com/devnet/server_archive/articles/integrating_cf_apps_w_ms_active_directory.html<br /><br />This tag will not work with Samba. I have tried using it to authenticate to a server running Mac OS X 10.3 and Samba 3.0. It fails every time with a user not in directory failure. I believe this is more tied to AD than the actual NT login. ajpowellatl 0 0 2005-07-07T07:16:01 http://livedocs.adobe.com/coldfusion/7/htmldocs/00000301.htm#27719 I believe the following is true, but have not tested it, so I'm not marking it as an answer:<br><br>If the Web server uses Active Directory authentication to log a user in, it does not mean that the user is automatically logged into the ColdFusion application security framework. <br>If you have a cflogin tag, it will still execute. <br>When the cflogin tag executes, however, it automatically gets a cflogin structure with user's login ID from the web server authentication. <br><br>You must still use the cfloginuser tag to log the user into the ColdFusion security framework, and you specify the roles at that time. <br>The only way to specify roles to the ColdFusion security framework is in the cfloginuser tag.<br><br>For an example of using a web server based login with the ColdFusion security framework, see the "Web server-based authentication user security example" section in the Securing Applications chapter of the ColdFusion MX Developer's Guide, at http://livedocs.macromedia.com/coldfusion/7/htmldocs/00001187.htm. <br>The example starts about 2/3 of the way down on the page. <br>For more information on ColdFusion MX 7 security, see the rest of the chapter starting at http://livedocs.macromedia.com/coldfusion/7/htmldocs/00001175.htm.<br><br>If you need to get information, such as group or role related information, from the Active Directory, you must use the cfldap tag to query the directory. halL 1 0 2005-02-10T14:00:45 http://livedocs.adobe.com/coldfusion/7/htmldocs/00000301.htm#27678 I wonder if a problem will arise if the user is auto-logged in by IE based on Active Directory crednetials. For example, your web page directory is secured based on AD groups and all your machines are set to auto login by IE based on local intranet security settings. I think this results in the login being recognized by CF before any authentication tags or functions can be run. I guess if I had a specific question with this tag it would be once a user is logged in, based on CF authentication or otherwise, how do you add roles to the roles list? skibama1 0 0 2005-02-10T04:44:40 http://livedocs.adobe.com/coldfusion/7/htmldocs/00000301.htm#27555 remecTim, you are correct and we have entered this as doc bug 59801.<br><br>Also, The cfNTauthenticate example is missing number signs around the roles attribute value for the cfloginuser tag. The correct line is as follows:<br><br><cfloginuser name="#theusername#" password="#thepassword#"roles="#authresult.groups#"><br><br>This is doc bug 59561. jrunrandy 1 1 2005-02-08T06:53:01 http://livedocs.adobe.com/coldfusion/7/htmldocs/00000301.htm#27547 The attribute "name" is incorrect, and will cause an error. That attribute is actually "username". The sample code has the correct usage. remecTim 0 0 2005-02-07T16:58:27