
cfldap

Description

Provides an interface to a Lightweight Directory Access Protocol (LDAP) directory server, such as the Netscape Directory Server.

Category

Forms tags, Internet Protocol tags

Syntax

<cfldap 
  server = "server_name"
  port = "port_number"
  username = "name"
  password = "password"
  action = "action"
  name = "name"
  timeout = "seconds"
  maxRows = "number"
  start = "distinguished_name"
  scope = "scope"
  attributes = "attribute, attribute"
  filter = "filter"
  sort = "attribute[, attribute]..."
  sortControl = "nocase" and/or "desc" or "asc"
  dn = "distinguished_name"
  startRow = "row_number"
  modifyType = "replace" or "add" or "delete"
  rebind = "Yes" or "No"
  referral = "number_of_allowed_hops"
  secure = "multi_field_security_string"
  separator = "separator_character"
  delimiter = "delimiter_character">

See also

cfftp, cfhttp, cfmail, cfmailparam, cfpop

History

New in ColdFusion MX:

Attributes

| Attribute | Req/Opt | Default | Description |
|---|---|---|---|
| server | Required | | Host name or IP address of LDAP server. |
| port | Optional | 389 | Port |
| username | Required if secure = "CFSSL_BASIC" | (anonymous) | User ID |
| password | Required if secure = "CFSSL_BASIC" | | Password that corresponds to user name.<br>If secure = "CFSSL_BASIC", V2 encrypts the password before transmission. |
| action | Optional | query | • query: returns LDAP entry information only. Requires name, start, and attributes attributes.<br>• add: adds LDAP entries to LDAP server. Requires attributes attribute.<br>• modify: modifies LDAP entries, except distinguished name dn attribute, on LDAP server. Requires dn. See modifyType attribute.<br>• modifyDN: modifies distinguished name attribute for LDAP entries on LDAP server. Requires dn.<br>• delete: deletes LDAP entries on an LDAP server. Requires dn. |
| name | Required if action = "Query" | | Name of LDAP query. The tag validates the value. |
| timeout | Optional | 60 | Maximum length of time, in seconds, to wait for LDAP processing. |
| maxRows | Optional | | Maximum number of entries for LDAP queries. |
| start | Required if action = "Query" | | Distinguished name of entry to be used to start a search. |
| scope | Optional | oneLevel | Scope of search, from entry specified in start attribute for action = "Query".<br>• oneLevel: entries one level below entry.<br>• base: only the entry.<br>• subtree: entry and all levels below it. |
| attributes | Required if action = "Query", "Add", "ModifyDN", or "Modify" | | For queries: comma-delimited list of attributes to return. For queries, to get all attributes, specify "*".<br>If action = "add" or "modify", you can specify a list of update columns. Separate attributes with a semicolon.<br>If action = "ModifyDN", ColdFusion passes attributes to the LDAP server without syntax checking. |
| filter | Optional | "objectclass = *" | Search criteria for action = "query".<br>List attributes in the form: "(attribute operator value)" Example: "(sn = Smith)" |
| sort | Optional | | Attribute(s) by which to sort query results. Use a comma delimiter. |
| sortControl | Optional | asc | • nocase: case-insensitive sort<br>• asc: ascending (a to z) case-sensitive sort<br>• desc: descending (z to a) case-sensitive sort<br>You can enter a combination of sort types; for example, sortControl = "nocase, asc". |
| dn | Required if action = "Add", "Modify", "ModifyDN", or "delete" | | Distinguished name, for update action. Example: "cn = Bob Jensen, o = Ace Industry, c = US" |
| startRow | Optional | 1 | Used with action = "query". First row of LDAP query to insert into a ColdFusion query. |
| modifyType | Optional | replace | How to process an attribute in a multi-value list.<br>• add: appends it to any attributes<br>• delete: deletes it from the set of attributes<br>• replace: replaces it with specified attributes<br>You cannot add an attribute that is already present or that is empty. |
| rebind | Optional | No | • Yes: attempt to rebind referral callback and reissue query by referred address using original credentials.<br>• No: referred connections are anonymous |
| referral | Optional | | Integer. Number of hops allowed in a referral. A value of 0 disables referred addresses for LDAP; no data is returned. |
| secure | Optional | | Security to employ, and required information. One option:<br>• CFSSL_BASIC; certificate_db<br>• "CFSSL_BASIC" provides V2 SSL encryption and server authentication<br>• certificate_db: certificate database file (Netscape cert7.db format). Absolute path or simple filename. See the Usage section. |
| separator | Optional | , [comma] | Delimiter to separate attribute values of multi-value attributes. Used by query, add, and modify actions, and by cfldap to output multi-value attributes.<br>For example, if $ (dollar sign), the attributes attribute could be "objectclass = top$person", where the first value of objectclass is "top", and the second value is "person". This avoids confusion if values include commas. |
| delimiter | Optional | | Separator for attribute name-value pairs, if:<br>• the attributes attribute specifies more than one item<br>• an attribute has the delimiter semicolon. For example: mgrpmsgrejecttext;lang-en<br>Used by query, add, and modify actions, and by cfldap to output multi-value attributes.<br>For example, if $ (dollar sign), you could specify this list of pairs with attributes:<br>"cn = Double Tree Inn$street = 1111 Elm;Suite 100" |

Usage

If you use the query action, cfldap creates a query object, allowing access to information in the query variables, as follows:
| Variable name | Description |
|---|---|
| queryname.recordCount | Number of records returned by query |
| queryname.currentRow | Current row of query that cfoutput is processing |
| queryname.columnList | Column names in query |

To use the security = "CFSSL_BASIC" option, you must copy the cert7.db and/or key3.db key files to the default directory location of a user-installed LDAP directory; on Windows, the directory is C:\cfusion\ldap.

The security certificate encrypts the conversation. The server always sends a digital certificate to confirm its identity.

Characters that are illegal in ColdFusion can be used in LDAP attribute names. As a result, the cfldap tag could create columns in the query result set whose names contain illegal characters and are, therefore, inaccessible in CFML. In ColdFusion, illegal characters are automatically mapped to the underscore character; therefore, column names in the query result set might not exactly match the names of the LDAP attributes.

For usage examples, see Developing ColdFusion MX Applications with CFML.

Example

<h3>cfldap Example</h3>
<p>Provides an interface to LDAP directory servers like BigFoot 
(<a href = "http://www.bigfoot.com">http://www.bigfoot.com</a>).</p>
<p>Enter a name (try your own name) and search a public LDAP resource.</p>
<!--- If the server has been defined, run the query --->
<cfif IsDefined("form.server")>
  <!--- check to see that there is a name listed --->
  <cfif form.name is not "">
    <!--- make the LDAP query; the name is read from the form scope
          explicitly so a URL variable of the same name cannot replace it.
          Note that form.name reaches start and filter exactly as typed. --->
    <cfldap    server = "ldap.bigfoot.com"
       action = "query"
       name = "results"
       start = "cn = #form.name#,c = US"
       filter = "(cn = #form.name#)"
       attributes = "cn,o,l,st,c,mail,telephonenumber"
       sort = "cn ASC">
    <!--- Display results --->
    <center>
    <table border = 0 cellspacing = 2 cellpadding = 2>
      <tr>
        <th colspan = 5>
          <cfoutput>#results.recordCount# matches found
          </cfoutput></th>
      </tr>
      <tr>
        <th><font size = "-2">Name</font></th>
        <th><font size = "-2">Organization</font></th>
        <th><font size = "-2">Location</font></th>
        <th><font size = "-2">E-Mail</font></th>
        <th><font size = "-2">Phone</font></th>
      </tr>
      <cfoutput query = "results">
        <tr>
          <td><font size = "-2">#cn#</font></td>
          <td><font size = "-2">#o#</font></td>
          <td><font size = "-2">#l#, #st#, #c#</font></td>
          <td><font size = "-2">
            <a href = "mailto:#mail#">#mail#</a></font></td>
          <td><font size = "-2">#telephonenumber#</font></td>
        </tr>
      </cfoutput>
    </table>
    </center>
  </cfif>
</cfif>
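
The Example above builds the start and filter attributes directly from the submitted name. The following is an added example, not part of the Macromedia documentation, of the same kind of query with the value escaped for use in an LDAP search filter (RFC 4515), a constant search base, bounded results, and HTML-encoded output. The helper name ldapEscapeFilter, the error type InvalidLdapInput, the search base c = US and the maxRows and timeout values are assumptions made for this example.

```cfml
<!--- Added example. ldapEscapeFilter and InvalidLdapInput are hypothetical names. --->
<cffunction name="ldapEscapeFilter" returntype="string" output="false">
  <cfargument name="value" type="string" required="true">
  <cfset var s = arguments.value>
  <!--- Control characters (including NUL) are rejected rather than escaped --->
  <cfif REFind("[[:cntrl:]]", s)>
    <cfthrow type="InvalidLdapInput"
       message="Control character in LDAP filter value">
  </cfif>
  <!--- Escape the backslash first so the escapes added below are not escaped again --->
  <cfset s = Replace(s, "\", "\5c", "all")>
  <cfset s = Replace(s, "*", "\2a", "all")>
  <cfset s = Replace(s, "(", "\28", "all")>
  <cfset s = Replace(s, ")", "\29", "all")>
  <cfreturn s>
</cffunction>

<cfif IsDefined("form.name") and Len(Trim(form.name))>
  <cftry>
    <!--- The search base is a constant (assumed value); user input reaches
          only the filter, and only after escaping --->
    <cfldap server = "ldap.bigfoot.com"
       action = "query"
       name = "results"
       start = "c = US"
       scope = "subtree"
       filter = "(cn=#ldapEscapeFilter(Trim(form.name))#)"
       attributes = "cn,o,mail"
       maxRows = "50"
       timeout = "10"
       sort = "cn">
    <cfcatch type="InvalidLdapInput">
      <p>The name contains characters that are not allowed.</p>
      <cfabort>
    </cfcatch>
  </cftry>
  <!--- Directory data is untrusted as well: encode it before writing it into HTML --->
  <cfoutput query = "results">
    #HTMLEditFormat(cn)# | #HTMLEditFormat(o)# | #HTMLEditFormat(mail)#<br>
  </cfoutput>
</cfif>
```

With this helper, a submitted value such as `*)(mail=*` is sent to the server as the literal string `\2a\29\28mail=\2a` inside a single cn comparison, so it cannot add terms to the filter.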


Version 6

Comments are no longer accepted for ColdFusion MX. ColdFusion 8 is the current version.

Comments


rbils@amkor.com said on Jun 27, 2002 at 8:35 PM :
The filterconfig attribute mentioned in the history section does not exist in any versions of ColdFusion. Not sure why it is mentioned or what it refers to.
rbils@amkor.com said on Jun 27, 2002 at 8:51 PM :
This sentence is not correct:

To use the security = "CFSSL_BASIC" option, you must copy the cert7.db and/or key3.db key files to the default directory location of a user-installed LDAP directory; on Windows, the directory is C:\cfusiondap.

There is no C:\cfusiondap in CF MX. So, the question remains, what is the default directory in MX for LDAP cert dbs?
sgilson102 said on Jul 1, 2002 at 8:00 PM :

Comment: The following is from the Documentation Additions
Technote 22993 at
http://www.macromedia.com/v1/handlers/index.cfm?ID=22993&Method=Full:

-------------
You no longer need a Netscape Cert7 format certificate store file
(cert7.db) to make a secure LDAP (SSL v2) connection. You can now omit
the second token of the string for the secure attribute of the cfldap
tag that was formerly used to specify the location of the cert7.db file,
and just use SECURE="CFSSL_BASIC" instead. This is because cfldap SSL
support in ColdFusion MX now uses Java Secure Socket Extension (JSSE),
and JSSE does not accept cert7.db as a keystore.

This is how it works: ColdFusion MX uses Java Native Directory Interface
(JNDI), the LDAP provider, and an SSL package to create the client side
of an SSL communication. The LDAP server provides the server side. The
LDAP server that cfldap is connecting to using SSL holds an SSL server
certificate. During the initial SSL connection, the LDAP server presents
its server certificate to the client. If the client trusts this
certificate, the SSL connection is established and secure LDAP
communication can begin.

The simplest way to establish this trust is to store the server's
certificate in the jre/lib/security/cacerts keystore of the JRE used
with ColdFusion MX. This certificate is different from cert7.db; this
certificate must be in X.509 format to import it. The simplest way to
import to the client's keystore is to use the keytool command to import
the server's cert into the cacerts store in /jre/lib/security. For
example, enter the following:

keytool -import -keystore cacerts -alias ldap -file ldap.crt

(The keytool utility is in the jre/bin directory and the initial
password is "change it").
-------------------

Kristi Jabbour
Senior Technical Writer
Macromedia
ctina said on Jul 19, 2002 at 8:28 PM :
Update from Macromedia, re public servers:
There is a list of public servers at this URL:
http://www.emailman.com/ldap/public.html
For example:
University of Guelph <ldap://directory.uoguelph.ca/o=uoguelph.ca>
(Some users have reported that the ldap.bigfoot.com server, used in the example code, is not available)
Christina Lamkin, CF documentation team
draum said on Aug 23, 2002 at 8:31 PM :
It appears that "separator" attribute is ignored when updating multi-value attributes. Also, when using SSL over LDAP you *must* specify the port number (636).
devin said on Apr 23, 2003 at 8:10 PM :
After using keytool -import you must restart the ColdFusion MX server.

To get the X.509 file:

Go to the LDAP server with Microsoft Exploder like this.
https://your.ldapserver.com:636

* Double click on the lock icon
* Go to the details tab
* Click on COPY TO FILE
* Choose the base64 option and save the file
* Now you have a file to use with the import command.
uzma said on May 1, 2003 at 6:04 AM :
The discussion helped but not completely
Olivier Boël said on May 8, 2003 at 10:57 AM :
MX comes with bugs :

The following code works fine with CF 4.5 but only shows the first value of multi-value fields (example: memberOf) when executed by MX (Updater 3), although I tried different values for the SEPARATOR option:
<CFSET VALID = 0>
<CFSET start="DC=ep,DC=parl,DC=union,DC=eu">
<CFSET #sAMAccountName# = "oboel">
<CFSET filter="(sAMAccountName=#sAMAccountName#)">
<CFTRY>
<CFLDAP
SERVER = "epluxsdc01.ep.parl.union.eu"
USERNAME = "CN=username,OU=Users,OU=EICI,DC=ep,DC=parl,DC=union,DC=eu"
PASSWORD = "password"
ACTION = "QUERY"
NAME = "ADRESULTS"
START = #start#
FILTER = #filter#
SCOPE = "subtree"
ATTRIBUTES = "*">
<CFCATCH TYPE="ANY">
<CFSET VALID = 1>
</CFCATCH>
</CFTRY>
<CFIF #VALID# IS 0>
<TABLE>
<CFOUTPUT QUERY = "ADRESULTS">
<TR><TD>#name#</TD><TD>#value#</TD></TR>
</CFOUTPUT>
</TABLE>
</CFIF>
Bug reported to MM. Still no reaction...
Olivier Boël said on May 17, 2003 at 10:08 AM :
Got an answer!!!

It is definitely a regression, and we are opening a bug report on it. However, there is bug number yet, and I have no idea when it will be resolved.
mwaddell said on Aug 12, 2003 at 8:00 AM :
I have been unable to obtain usable data from any binary encoded LDAP attributes, CFMX reports the IsBinary as NO.

 


Current page: http://livedocs.adobe.com/coldfusion/6/CFML_Reference/Tags-pt165.htm