If you prompt users for login information and need to authenticate against Windows NT domains or Active Directory, take a look at the new <cfntauthenticate> tag. The following code snippet authenticates using two passed FORM fields and returns a result structure:
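An added example of this usage (not the post's original snippet): the form field names, the domain EXAMPLEDOMAIN, the group WebAppUsers and the log file name are placeholders, and session management is assumed to be enabled. Failure status values such as UserNotInDirFailure are logged server-side while the user sees one generic message.

```cfml
<!--- Added example. Placeholders: form.username, form.password,
      EXAMPLEDOMAIN, WebAppUsers, log file "auth". --->
<cfparam name="form.username" default="">
<cfparam name="form.password" default="">

<cfif len(trim(form.username)) and len(form.password)>
    <!--- throwonerror="no": failures are reported in the result
          structure instead of raising an exception --->
    <cfntauthenticate
        username="#trim(form.username)#"
        password="#form.password#"
        domain="EXAMPLEDOMAIN"
        result="authResult"
        listgroups="yes"
        throwonerror="no">

    <cfif authResult.auth>
        <!--- groups is a comma-delimited list, present because
              listgroups="yes"; authorize on it, not on auth alone --->
        <cfif listFindNoCase(authResult.groups, "WebAppUsers")>
            <cfset session.user = authResult.name>
            <cfset session.groups = authResult.groups>
        <cfelse>
            <cfset loginError = "Not authorized for this application.">
        </cfif>
    <cfelse>
        <!--- Strip control characters before logging so a crafted
              username cannot forge log lines; never log the password --->
        <cfset safeUser = reReplace(form.username, "[[:cntrl:]]", "", "all")>
        <cflog file="auth" type="warning"
               text="Login failed for #safeUser#: #authResult.status#">
        <!--- Same message for every failure status, so the response
              does not reveal whether the account exists --->
        <cfset loginError = "Invalid username or password.">
    </cfif>
</cfif>
```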
The returned structure will contain the name and authentication status. The tag can also be used to obtain a list of groups that the authenticated user is a member of by specifying listgroups="yes". Note that this tag only works on Windows.

13 thoughts

  1. Will it obtain nested groups (will it fetch the entire group membership for a user or just direct membership)?

  2. The docs say this only works against NT domains, and not against Active Directory. I haven’t tried it yet myself, and that sounds kind of fishy, but you might want to look into it.

  3. Dave R, I believe it is whatever groups the user is directly a member of.
    Dave W, that is odd, especially as I am using it on internal MM apps and authenticating against AD. I’ll look into this one.

  4. Yeah, that it authenticates against AD is news to me. We rolled our own months ago and kind of laughed when we read about this tag. NT4 authentication stopped being a ‘hot-issue’ about 5 years ago. 🙂 Maybe instead of ntauthenticate it should be called msauthenticate :). If it does do AD authentication we would think about switching from our own solution to this tag.

  5. Is there any way to have that authenticate against a foreign host? We’ve got a dedicated server housed in Dallas and I’d like to be able to authenticate against our AD in Orlando.
    Damien

  6. I believe Ben has misspoken on this. The Macromedia docs specifically state that this does not work against Active Directory, which begs the question: why would you even issue a tag such as this and bill it as a great new feature when it would have been useful 10 years ago? This is about like putting out a new tag to validate against Banyan Vines. What would have been really useful would have been an identical tag to authenticate against AD.

  7. Actually, with a little testing, cfNTauthenticate does a very nice job of connecting to Active Directory, even returning an accurate and correct list of groups the user belongs to when listGroups="Yes". Definitely a misnomer on the tag name!

  8. UserNotInDirFailure is the error I’m getting when I use a dump to view the structure of our cfntauthenticate attempt. We tried using the LDAP tag and got an inappropriate authentication error. Arrgghh. I’m wondering if the problem has something to do with the way we’ve set up our Active Directory structure. Any ideas, anyone?
    Thanks
    Rob Wood

  9. Rob
    We have the same problem here in our company. We use a login through LDAP. Some users can log in and some cannot, and they are all in the same AD, same rights, everything.
    We use cfntauthenticate to see if that works and we get UserNotInDirFailure.

  10. We’ve found out that if we use listgroups="yes", we can’t add more than 469 characters in our group policy. So if the groups that you added are more than 469 characters, ColdFusion gives the error UserNotInDirFailure.
    Is this a bug? Can we report that as a bug with Macromedia?
    Has anybody had this problem also?
    Thanks for the reply.
    Greets, Sven

  11. I am having a similar problem with groups and some users being able to login while others cannot, but am unable to find a rhyme or reason for it. I have actually created exact copies of users with same groups and had those work, but not the original user with all groups removed. This is very frustrating.

  12. "I am having a similar problem with groups and some users being able to login while others cannot, but am unable to find a rhyme or reason for it. I have actually created exact copies of users with same groups and had those work, but not the original user with all groups removed. This is very frustrating."
    I’ve figured this out, guys.
    The user’s account must have logon permissions to the server running the website. If the user can’t log on to the server, you will get an AuthenticationFailed message.
    I don’t know if it will fix the LDAP issues.
    Hope this helps. It did the trick for me.
    Windows 2000 Server SP2
    CFMX 7 Standard
    Active Directory in use
