I am trying some code using cfldap in ColdFusion. The problem is when I try using a password that includes a #, I get an error:
Authentication failed:[LDAP: error code 49 - 80090308: LdapErr:
DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]
Is it possible to use a cfldap password containing #? I've tried with ReplaceNoCase. When the password has a #, it changes to ##, so ColdFusion knows it is a text, not a variable, but still get this error. Thank you so much guys.
Here's my code
<cfset convertPwd = ReplaceNoCase(txtPassword,"##","####")>
<cfldap action="QUERY"
name="ChkUserName"
attributes="sAMAccountName,givenName,initials,sn,cn,mail,objectClass,dn"
start="#trim(qGetSettingLdap.bindserver)#"
server="#trim(qGetSettingLdap.ipserver)#"
scope="SUBTREE"
username="#form.txtName#"
password="#trim(convertPwd)#"
port="#trim(qGetSettingLdap.portserver)#" filter="(sAMAccountName=#form.txtName#)">
Related
I am trying to match and ban certain patterns in my drupal logs (drupal 9).
I have taken the base drupal-auth regex, created a new conf and tried to amend it to my requirements but I seem to be failing at the first hurdle. This is the code that will give me anything that has the type 'user' and this is filtered by the user\ in the code below, just before the <HOST> block:
failregex = ^%(__prefix_line)s(https?:\/\/)([\da-z\.-]+)\.([a-z\.]{2,6})(\/[\w\.-]+)*\|\d{10}\|user\|<HOST>\|.+\|.+\|\d\|.*\|.+\.$
If I want to search exactly the same pattern, but with say 'page not found' or 'access denied' instead of 'user' what do I need? I cannot seem to get it to match the moment the type has a space in it. It seems such a simple thing to do!
I am using fail2ban-regex --print-all-matched to test.
I am currently in a need of a Load test for a web-solution, which requires for a user authentication in Homepage (Welcome Page).
When I seek for the POST SignIn parameters which are passing along with the login credentials using FireBug in FireFox,
i found out that Password, TenantName, UserName, __RequestVerificationToken are the parameters which are passing along with their values for a successful login.
I needed to simulate this process using the JMETER.
Therefore i have made a HTTP REQUEST (Visit Login Page) to Navigate to the page using JMETER, which successfully work.
Within the HTTP REQUEST (Visit Login Page) I have added a Regular Expression Extractor, to Extract the token,
since it is necessary to pass the token along with the sign in.
Reference Name : REQUEST_VERIFICATION_TOKEN
Reg Expression : input name="__RequestVerificationToken" type="hidden" value="([A-Za-z0-9+=/-\ _]+?)"
Template : $1$
Match No. : 1
Default Value : (blank)
And I have added a separate HTTP Request (Login to Web) for signin along with the Parameters as follows;
Password : ${Password}
TenantName : ${TenantName}
Username : ${Username}
__RequestVerificationToken : ${REQUEST_VERIFICATION_TOKEN}
But When I Run it, under the View Results Tree,
the Response Data is generating as "The anti-forgery token could not be decrypted..."
When i check for the Request displays under View Result Tree,
it displays as
POST data:
Password=123456&TenantName=tenant&Username=admin&__RequestVerificationToken=%24%7BREQUEST_VERIFICATION_TOKEN%7D*
Where in the Request I realized the value for the RequestVerificationToken is not getting initialized.
I was searching for a solution through blogs for two days, where ultimately without a proper assistance I tend to post this question over here.
This is one reference link which is usefully for a extent, from which i used :
http://build-failed.blogspot.com/2012/07/load-testing-aspnet-mvc-part-3-jmeter.html?showComment=1417672985397#c6427302313332055578
Can someone assist me of Why the RequestVerificationToken is not extracting properly, or getting initialized to the variable?
( Ps : please be kind enough to assume that I'm a beginner in JMeter, to be honest, when you are providing your precious reply )
In Regular expression '-' has a meaning & it has to be escaped properly if it is expected in your __RequestVerificationToken value.
So, the correct regular expression would be
input name="__RequestVerificationToken" type="hidden" value="([A-Za-z0-9+=/\-\_]+?)"
I created a temp variable & verified above regular expression. It works fine. If it does not work for you, Please provide the HTTP response if possible.
We are using CF MX7 for one of our applications.
When we enter a set of characters to search for through the application CF throws out an error stating the below:
Element USER_NAME is undefined in URL.
The error occurred in D:\Inetpub\wwwroot\MISWEB\lci\userNavigator.cfm: line 2
1 : <CFSET login_id = #url.user_login#>
2 : <CFSET user_name = #url.user_name#>
3 : <CFSET user_id = #url.user_id#>
This is occurring when we enter a login ID to search for that has an # character in it 0952#2. so basically, i understood that the problem is with the login ID that we are entering, but we cannot ask the user to change his login ID. is there an alternate way to change the code in such a way that it accepts these values?
<CFSET login_id = #0952#2#>
hence the error is being thrown out at the second line where it is not accepting the username as it is not correct. Is there any way we can include the # present in the login ID provided inside the declaring #..# open and close # function?
Because the search form is performing a GET request, the form fields are added to the URL. The problems is the hashes (#) are being interpreted by the browser as an on-page location, so nothing after the first hash in the URL is even being sent to the server, which is why ColdFusion says it doesn't exist.
To overcome this, you'll need to encode the hashes before submitting the form. You can do this with JavaScript and the form's onsubmit handler.
escape(document.formName.user_name.value);
This will send the user_name in the URL in an encoded format (%230952%232%23), which you can then decode when you set it to user_name.
<cfset user_name = urlDecode(url.user_name)>
I am trying to get the following connection to our LDAP working via ColdFusion, however, I can never get it to return any values (i.e. results.recordcount always equals 0). I assume my problem is with the "start" portion of the query so I did some research and have tried numerous values but nothing seems to work.
<cfldap
server = "adserver"
action = "query"
username = "DOMAIN\username"
password = "apassword"
name = "results"
scope="subtree"
start = "dc=domain.local"
attributes = "givenname,surname,uid,userid,groupMembership,mail,dn,roles,memberof,cn,samaccountName">
<cfoutput>
#results.recordcount#
</cfoutput>
The structure of the AD that I'm trying to access is as follows. I'm trying to get to the "Users" section at the bottom of the tree shown.
Active Directory Users and Computers
- Saved queries
- domain.local
- option1
- option2
- NAME1
- option1
- option2
- NAME2
- Computers
- Disabled Users
- Groups
- Users
If I right-click on "User" and view the properties it tells me the canonical name for it is domain.local/NAME1/NAME2/Users, which I assume is relevant to my problem.
Any ideas what I should be using for the "start" portion of cfldap?
Thanks in advance.
I highly recommend browsing your AD with a program like Softerra's LDAP Browser (http://www.ldapbrowser.com/) and then locating the distinguished name of the hierarchy where you want to start searching. Using this, I was able to find the exact DN of the LDAP structure to target.
Try somethign like this. I've had the best luck starting at a high level and then using the filter attribute to drill down.
<cfldap action="query" start="DC=server, DC=domain, DC=com" filter="OU=Users"
username = "DOMAIN\username" password = "apassword" name = "results"
scope="subtree" attributes = "givenname,surname,uid,userid,groupMembership,mail,dn,roles,memberof,cn,samaccountName">
I'm trying to run a very quick update query to record that a user's email address is confirmed (setting the confirmed [bit] column in my users table to 1 after they click a link sent via email). Here's the action that should do it:
<cffunction name="confirmEmail">
<cfscript>
user = model("user").findOne(where="id=#params.userid# AND uuid='#params.uuid#'", returnAs="query");
if(user.recordCount) {
pageTitle = "E-mail Confirmation Success";
user.update(confirmed=1);
} else {
redirectTo(route="authenticationDenied", alert="Something was wrong with your confirmation string. Please contact site administrators.");
}
</cfscript>
</cffunction>
But when I submit the appropriate URL (I've dumped and can see the model call finds one valid record), I get the following error in Railo 3.3.x:
No matching Method/Function [update] for call with named arguments found
...highlighting the user.update(confirmed=1); line in my code. So what am I doing wrong? Previously I have always used save/update(params.user) or thereabouts for these queries, but that seems like overkill here; I just want to pass a 1-bit update.
Okay, my CTO who is new to CFML and Wheels figured this out in like 5 seconds. Hence the "C" I guess.
By returning the user model as a query instead of an object, I didn't have access to the update/save() methods. (Duh, MVC n00b.) The reason I was returning it as a query was simply that I've been doing that a fair bit in order to have easy manipulation of output, and in this case so that I can test for the existence of a record the way I always have (if recordCount). But this works...
<cffunction name="confirmEmail">
<cfscript>
user = model("user").findOne(where="id=#params.userid# AND uuid='#params.uuid#'");
if(isObject(user)) {
user.update(confirmed="1");
} else {
flashInsert(error="Something was wrong with your confirmation string. Please contact site administrators.");
redirectTo(route="authenticationDenied");
}
</cfscript>
</cffunction>