CFLDAP Active Directory- member / memberof fields

J.C.

Oct 8, 2004, 4:17:40 PM
I've been using CFLDAP to update all kinds of information in the Active
Directory LDAP with great success, however, it appears as though the member
(groups) and memberof (users) fields won't update. I know for a fact that
these are the correct attributes, because I can query them and they give me a
list of the distinguished names of the objects in those fields. When I try to
update them using the successful method I've been using, I receive no
error, but the fields do not update.

Has anyone attempted to update groups using CFLDAP with any success?

In the following code, I've been able to update an attribute, say,
"homePhone", by putting it in place of #ATTRIBUTENAME# in the following code.
Then, I place the new home phone number in place of #ATTRIBUTEVALUE# and it
updates it perfectly. When I use the AD field, "member" as the
#ATTRIBUTENAME#, and update with a list of objects in their distinguishedname
format in #ATTRIBUTEVALUE# it doesn't update the "member" field in Active
Directory. Clear as mud?

<cfldap action="MODIFY" DN="#OBJECTDN#"
attributes="#ATTRIBUTENAME#=#ATTRIBUTEVALUE#" modifytype="REPLACE"
server="#DOMAINSERVER#" port="389" timeout="20" username="#USERNAME#"
password="#PASSWORD#">

J.C.

Oct 13, 2004, 3:10:00 PM
I solved my own problem.

The code used above is correct, however, it's the format of the value of the
member attribute that needs to be changed. The reason it needs to be changed
is because the "member" attribute contains a list of distinguished names (DNs)
separated by commas. Each part of a DN is separated by commas, so CFLDAP can't
figure out where one DN starts and the next one begins.

Example:

member=CN=John Doe, OU=Corporate, OU=Users, DC=My Company, DC=int, CN=Jane
Doe, OU=Corporate, OU=Users, DC=My Company, DC=int, CN=Mike Anders,
OU=Corporate, OU=Users, DC=My Company, DC=int

So, what needs to happen is that we replace the commas at the end of each DN
with a different separator.

Example:

<cfset NEWMEMBER = REPLACE(MEMBER, ", CN", "|CN", "ALL")>

Which produces:

member=CN=John Doe, OU=Corporate, OU=Users, DC=My Company, DC=int|CN=Jane Doe,
OU=Corporate, OU=Users, DC=My Company, DC=int|CN=Mike Anders, OU=Corporate,
OU=Users, DC=My Company, DC=int

Then, we just need to tell CFLDAP that the value of "member" is separated with
"|" in the tag:

<cfldap action="MODIFY" DN="CN=IT Dept, OU=Groups, DC=My Company, DC=int"
attributes="member=#NEWMEMBER#" separator="|" modifytype="REPLACE"
server="#DOMAINSERVER#" port="389" timeout="20" username="#DOMAINADMINISTRATOR#"
password="#DOMAINPASSWORD#">

Active Directory will automatically update the "memberof" attribute for each
of the users you add to the group. In fact, you can use the code above to
update just about any field to keep your Intranet synchronized with the
network. Just change member=#NEWMEMBER# to say, homePhone=555-555-5555 or any
of the other attributes available.
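
An added example, not part of J.C.'s posts: replacing ", CN" splits in the wrong place whenever a DN has a second CN= component, as accounts under Active Directory's default CN=Users container do. This sketch asks CFLDAP for "|"-separated values on the query too, so the member list never has to be re-split; the server and credential variables are placeholders and the new member's DN is a constructed sample.

```cfml
<!--- Added example. Placeholders: DOMAINSERVER, DOMAINADMINISTRATOR, DOMAINPASSWORD. --->
<cfset GROUPDN = "CN=IT Dept, OU=Groups, DC=My Company, DC=int">
<!--- Constructed sample DN with a second CN= component (the CN=Users container). --->
<cfset NEWDN = "CN=Jane Doe,CN=Users,DC=My Company,DC=int">
<cfset SEP = "|">

<!--- A DN that contains the separator would be cut in two by CFLDAP. --->
<cfif Find(SEP, NEWDN)>
    <cfthrow message="DN contains the list separator; choose another separator.">
</cfif>

<!--- Read the current members already separated by SEP instead of by commas. --->
<cfldap action="QUERY" name="GROUPQ" start="#GROUPDN#" scope="BASE"
    filter="(objectClass=group)" attributes="member" separator="#SEP#"
    server="#DOMAINSERVER#" port="389" timeout="20"
    username="#DOMAINADMINISTRATOR#" password="#DOMAINPASSWORD#">

<!--- Stop if the group was not found: a REPLACE built from an empty
      result would leave only the new member in the group. --->
<cfif GROUPQ.recordcount NEQ 1>
    <cfthrow message="Expected exactly one group entry for #GROUPDN#.">
</cfif>

<!--- Assumption: NEWDN is written the same way the directory returns DNs,
      otherwise the duplicate check below does not match. --->
<cfif NOT ListFindNoCase(GROUPQ.member, NEWDN, SEP)>
    <cfset NEWMEMBER = ListAppend(GROUPQ.member, NEWDN, SEP)>
    <cfldap action="MODIFY" DN="#GROUPDN#"
        attributes="member=#NEWMEMBER#" separator="#SEP#" modifytype="REPLACE"
        server="#DOMAINSERVER#" port="389" timeout="20"
        username="#DOMAINADMINISTRATOR#" password="#DOMAINPASSWORD#">
</cfif>
```

With modifytype="REPLACE" the list sent becomes the group's entire membership, so a mis-split or incomplete list removes members rather than failing with an error.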

