Querying a secure CFLDAP - Cold Fusion


  1. Querying a secure CFLDAP

    Hello all,

    I have been pulling my hair out trying to figure out why my CFMX7 box will not
    authenticate with a secure LDAP. I have been able to query using ldp.exe from
    Microsoft but nothing with CF. I have been all over the Internet looking for
    solutions and suggestions but nothing has helped.

    I believe I imported the crt correctly but I suspect that is where I am
    experiencing the breakdown.

    Here is the code:
    <cfldap
    server = "#domain#"
    action = "query"
    name = "results"
    start = "dc=school,dc=edu"
    filter = "(sAMAccountName=aasmith)"
    port="636"
    username="username"
    password="password"
    attributes = "ldapDisplayName"
    secure="cfssl_basic">

    I imported the crt before and tried again just in case and it said that it was
    already there. I would like to delete the alias out and start over but could
    not. Can someone help me with this?

    Thanks!!!


  2. Re: Querying a secure CFLDAP


  3. Re: Querying a secure CFLDAP

    Yes, I thought I followed it to the tee. However it still is not working. I
    tried to run "keytool -list -keystore cacerts -alias ldapserver-cert -storepass
    changeit -v" to check the cert but it just came back with a list of all the
    functions.

    Any idea? Thanks


  4. Re: Querying a secure CFLDAP

    Depending on where you've installed CF, you may need to change these paths -

    Open a command prompt and cd to "C:\CFusionMX7\runtime\jre\bin"

    From here you can feed the command prompt the following command (on one line):

    keytool -list -storepass changeit -noprompt -keystore
    C:\CFusionMX7\runtime\jre\lib\security\cacerts

    Example:

    C:\CFusionMX7\runtime\jre\bin>keytool -list -storepass changeit -noprompt
    -keystore C:\CFusionMX7\runtime\jre\lib\security\cacerts


    This should list out all the current certs.

    This blog post has more info as well -
    http://www.coldfusionmuse.com/index....01/29/keystore




  5. Re: Querying a secure CFLDAP

    Also, you didn't say what error message, if any, you were receiving when
    making the ldap call. If it's 'connection failure' then it's almost a guarantee
    that the issue is with the cert not being imported or configured properly.


  6. Re: Querying a secure CFLDAP

    Here is the error message:

    Connection to LDAP Server failed



  7. Re: Querying a secure CFLDAP

    I just ran the list function and I do not see the certificate anywhere. In
    addition, I just ran another one which was Starfield.cer (godaddy) and I do not
    see it in there either. I made sure to restart CF after each time.

    Thanks!!


  8. Re: Querying a secure CFLDAP

    We also have a version of CF5 running and I understand that it is a bit easier
    to configure. Can you tell me where I could find the certificate_db? I am
    trying this: secure="CFSSL_BASIC, C:\cfusion\ldap\certificate_db"

    However I get the following error:

    Invalid security information for security type "CFSSL_BASIC" was provided
    within the SECURITY attribute. Please refer to the documentation for the
    correct format of this multi-field string value. Error: The path component,
    "C:\cfusion\ldap\certificate_db", specifies a file that does not exist.

    Thanks for all your help!!


  9. Re: Querying a secure CFLDAP

    I think there may be an issue with how I name the alias. Would I name the alias ldap.domain.edu if that is the server I was querying (server = "ldap.domain.edu")???

  10. Re: Querying a secure CFLDAP

    Well, believe it or not, I figured it out. It was only after reading this
    post
    (http://www.numtopia.com/terry/blog/a..._certificates_with_keytool_finally.cfm)
    that I started thinking that I remember I would
    import certificates and then run a list to make sure that they were in there.
    I could never find them and the total amount would always stay at 106.

    I then entered the following (replace "whateverthecertis"): keytool -import
    -keystore C:\CFusionMX7\runtime\jre\lib\security\cacerts -file
    whateverthecertis.cer -alias whateverthecertis

    All of the documentation examples I read (which was quite a bit) always had
    "-keystore cacerts" which places it in the same directory as the keytool
    (C:\CFusionMX7\runtime\jre\bin). Therefore the CF server never sees it.

    I hope this helps someone as it would have saved me a week.
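
Added example, not part of the thread: the failure described in post 10, modelled in Python. It works out which keystore file a keytool command line operates on, given the directory it was run from, and compares that with the JRE trust store under `lib\security`. The function names and the `C:\Users\cfadmin` home directory are made up for this example; the other paths and commands are the ones quoted in the thread.

```python
import ntpath  # Windows path rules, usable on any OS
import shlex

# Paths taken from the thread; HOME is a constructed value.
CWD = r"C:\CFusionMX7\runtime\jre\bin"
JRE_HOME = r"C:\CFusionMX7\runtime\jre"
HOME = r"C:\Users\cfadmin"

DOC_STYLE = ("keytool -import -keystore cacerts "
             "-file whateverthecertis.cer -alias whateverthecertis")
FIXED = ("keytool -import "
         r"-keystore C:\CFusionMX7\runtime\jre\lib\security\cacerts "
         "-file whateverthecertis.cer -alias whateverthecertis")
RELATIVE = r"keytool -list -keystore ..\lib\security\cacerts"


def keystore_target(command, cwd, home):
    """Absolute path of the keystore a keytool command line operates on."""
    # posix=False keeps the backslashes in Windows paths intact.
    tokens = [t.strip('"') for t in shlex.split(command, posix=False)]
    if "-keystore" in tokens[:-1]:
        path = tokens[tokens.index("-keystore") + 1]
    else:
        # keytool's default when -keystore is omitted: .keystore in the home dir.
        path = ntpath.join(home, ".keystore")
    # A relative path resolves against the directory the command ran from;
    # an absolute path passes through ntpath.join unchanged.
    return ntpath.normpath(ntpath.join(cwd, path))


def hits_trust_store(command, cwd, jre_home, home):
    """True if the command touches <jre_home>\\lib\\security\\cacerts."""
    trusted = ntpath.normpath(ntpath.join(jre_home, "lib", "security", "cacerts"))
    target = keystore_target(command, cwd, home)
    # Windows file names compare case-insensitively.
    return ntpath.normcase(target) == ntpath.normcase(trusted)


if __name__ == "__main__":
    for cmd in (DOC_STYLE, FIXED, RELATIVE, "keytool -list"):
        target = keystore_target(cmd, CWD, HOME)
        ok = hits_trust_store(cmd, CWD, JRE_HOME, HOME)
        print(f"{'trust store' if ok else 'OTHER FILE '}  {target}")
```

Run the same comparison on the `keytool -list` command used to verify an import, so the check reads the file that was written to.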

