Connect to LDAP via ColdFusion - coldfusion

I am trying to get the following connection to our LDAP working via ColdFusion, however, I can never get it to return any values (i.e. results.recordcount always equals 0). I assume my problem is with the "start" portion of the query so I did some research and have tried numerous values but nothing seems to work.
<cfldap
    server = "adserver"
    action = "query"
    username = "DOMAIN\username"
    password = "apassword"
    name = "results"
    scope="subtree"
    start = "dc=domain.local"
    attributes = "givenname,surname,uid,userid,groupMembership,mail,dn,roles,memberof,cn,samaccountName">
<cfoutput>
    #results.recordcount#
</cfoutput>
The structure of the AD that I'm trying to access is as follows. I'm trying to get to the "Users" section at the bottom of the tree shown.
Active Directory Users and Computers
- Saved queries
- domain.local
  - option1
  - option2
  - NAME1
    - option1
    - option2
    - NAME2
      - Computers
      - Disabled Users
      - Groups
      - Users
If I right-click on "User" and view the properties it tells me the canonical name for it is domain.local/NAME1/NAME2/Users, which I assume is relevant to my problem.
Any ideas what I should be using for the "start" portion of cfldap?
Thanks in advance.

I highly recommend browsing your AD with a program like Softerra's LDAP Browser (http://www.ldapbrowser.com/) and then locating the distinguished name of the hierarchy where you want to start searching. Using this, I was able to find the exact DN of the LDAP structure to target.

Try something like this. I've had the best luck starting at a high level and then using the filter attribute to drill down.
<cfldap server="adserver" action="query" start="DC=server, DC=domain, DC=com" filter="OU=Users"
    username = "DOMAIN\username" password = "apassword" name = "results"
    scope="subtree" attributes = "givenname,surname,uid,userid,groupMembership,mail,dn,roles,memberof,cn,samaccountName">
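How the canonical name shown in Active Directory Users and Computers maps to a distinguished name usable as the cfldap start value, as an added example in Python (not code from the original posts). It assumes that NAME1, NAME2 and Users are organizational units and that no name contains a "/"; `canonical_to_dn` and `escape_rdn_value` are hypothetical helper names.

```python
def escape_rdn_value(value):
    """Escape one RDN value per RFC 4514."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        needs_escape = (
            ch in ',+"\\<>;='
            or (ch == "#" and i == 0)
            or (ch == " " and i in (0, last))
        )
        out.append("\\" + ch if needs_escape else ch)
    return "".join(out)


def canonical_to_dn(canonical, container_type="OU"):
    """Turn 'domain.local/NAME1/NAME2/Users' into a distinguished name.

    Assumption: every container below the domain has the same type (OU by
    default). A built-in container such as the default Users container at
    the domain root would need container_type="CN".
    """
    domain, *containers = [part for part in canonical.split("/") if part]
    # Each DNS label is its own DC component: domain.local is two RDNs.
    dcs = ["DC=" + escape_rdn_value(label) for label in domain.split(".")]
    # Canonical names read root to leaf; distinguished names read leaf to root.
    rdns = [container_type + "=" + escape_rdn_value(c) for c in reversed(containers)]
    return ",".join(rdns + dcs)


if __name__ == "__main__":
    print(canonical_to_dn("domain.local/NAME1/NAME2/Users"))
```

The exact container types are still best confirmed in an LDAP browser, as the first answer suggests.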

Related

How to get Zomato restaurant ID using restaurant link?

I want to get details of a restaurant in Zomato. I have its link as the input (https://www.zomato.com/mumbai/fantasy-the-cake-shop-kalyan?utm_source=api_basic_user&utm_medium=api&utm_campaign=v2.1). By browsing the documentation of Zomato APIs, I didn't find a way to get it.
I tried searching for the restaurant using search API but it returns many results.
Any help will be appreciated
It's a two-step process:
Find out restaurant's city id, in your case, Mumbai's city id through the /cities API. It's a simple query search.
Use the city id from the above API call in the /search API, like, https://developers.zomato.com/api/v2.1/search?entity_type=city&entity_id=3&q=fantasy%20the%20cake%20shop%20kalyan
This would give all the basic information about a restaurant.
View the page's source and search for window.RES_ID
I had the same issue as you described. This Zomato's API approach is at least odd. It's almost impossible to GET any information about restaurant if you don't know res_id in advance and that's not possible to parse since Zomato will deny access.
This worked for me:
Obtain user-key from Zomato API Credentials (https://developers.zomato.com/api)
Search restaurant url via API (https://developers.zomato.com/api/v2.1/search?entity_id=84&entity_type=city&q=RESTAURANT_URL&category=7%2C9). The more specific you will be, the better results you'll get (This url is specified by city to Prague (ID = 84) and categories Daily menus (ID = 7) and Lunch (ID = 9)). If there is a possibility to specify city, category or cuisine, it helps, but shouldn't be necessary. Don't forget to define GET method in headers.
Loop or filter through json results and search for the wanted url. You might need to use method valueOf() to search for the same url. Be careful, you might need to add "?utm_source=api_basic_user&utm_medium=api&utm_campaign=v2.1" at the end of your wanted url so it has the same format. Check that through Zomato API Documentation page.
// Build the URL in the same format the API returns it
var url_wanted = restaurant_url + '?utm_source=api_basic_user&utm_medium=api&utm_campaign=v2.1';
var restaurant_id;
for (var i in body.restaurants) {
    var url_in_json = body.restaurants[i].restaurant.url;
    if (url_wanted.valueOf() == url_in_json.valueOf()) {
        restaurant_id = body.restaurants[i].restaurant.id;
        break; // stop at the first matching restaurant
    }
}
console.log('Voala! We have res_id:' + restaurant_id);
There you have it. It could be easier though.
Hope it helps!
Once you have the url of the restaurant's page you can simply look for a javascript object attribute named "window.RES_ID" and further use it in the api call.

Update statement in SQL when two different search items present

I've got a small issue when updating a column. When a db needs restored on a testdb, I need to change some fields in order to prevent issues on the production db.
Most of the time it only is adjusting the e-mail address and web address.
Now I walked on this one:
In a table there is a column filled with URL's. One URL starts with fairworks... and the other starts with www.fairworks...
Both URL need to be changed to: Test.fairworks...
So fairw..... and www.fairw... need to be changed to: TEST.fairw...
I tried to update with this code but somehow it doesn't do what I intended
Update URL
SET Url = CASE
WHEN (LEFT(Url,3) = 'fai' THEN REPLACE(Url,'fair','test.fair')
ELSE
WHEN (LEFT(Url,6) = 'www.fa THEN REPLACE(Url,'www.fair', 'test.fair')
END
I can't see where I go wrong.
Because I haven't enough points I cannot add the complete code. Both URL starts with HTTP://
I haven't tested this, but you could use something like this:
-- Bare host: prepend the test prefix
UPDATE [YourTable]
SET Url = 'test.' + Url
WHERE LEFT(Url, 4) = 'fair';
-- www host: drop the leading 'www.' (4 characters), then prepend the test prefix
UPDATE [YourTable]
SET Url = 'test.' + SUBSTRING(Url, 5, LEN(Url) - 4)
WHERE LEFT(Url, 8) = 'www.fair';
By the way, you missed an apostrophe (just before THEN) in your code:
WHEN (LEFT(Url,6) = 'www.fa THEN REPLACE(Url,'www.fair', 'test.fair')

Classic ASP Cookie Vulnerability

I have a simple login page on a classic asp page.
It takes the username field from a form ("un") and the password ("pw") and does the following with them:
<%
' Read the submitted credentials (newstr is not defined in the post)
un = newstr(request.form("un"))
pw = newstr(request.form("pw"))
' The query text is built by concatenating the form values
SQL = "SELECT * from my_table WHERE un = '"&un&"' AND pw = '"&pw&"'"
set cRS = oConn.Execute(SQL)
if cRS.EOF then
%>
<p>Unable to log you in. Please try logging in again.</p>
<%
elseif NOT cRS.EOF then
    ' Every successful login receives the same fixed cookie value
    Response.Cookies("test") = "jeQmV4'QG)Eu'N-XSTC;pZeuwqUsjBdVv>Sqr!]ZhzB{dJ'p-#cYSdwY"
    Response.Cookies("test").Expires = Date() + 365
    response.redirect "main.asp"
end if
%>
Then I have some simple validation at the top of each page whose content I only want logged in users to be able to see, which does this:
<%
test = Request.Cookies("test")
if test = "" OR test <> "jeQmV4'QG)Eu'N-XSTC;pZeuwqUsjBdVv>Sqr!]ZhzB{dJ'p-#cYSdwY" then response.redirect("default.asp")
%>
I wanted to check - is that naively simple?
Could someone easily hack into my site, by e.g. setting a cookie on their computer, called "test" and whose value = "jeQmV4'QG)Eu'N-XSTC;pZeuwqUsjBdVv>Sqr!]ZhzB{dJ'p-#cYSdwY"?
Or wouldn't it be pretty unlikely someone would guess that string value of "jeQmV4'QG)Eu'N-XSTC;pZeuwqUsjBdVv>Sqr!]ZhzB{dJ'p-#cYSdwY"?
Thanks
First off, someone could break your system by trying to pass in user names like
';DROP TABLE Users
http://xkcd.com/327/
Always, always use parameterized queries.
Never trust the UI for anything related to security. The client can observe all cookies that you set, and return any cookie back to you that it wants to. If this is not HTTPS, someone in the middle could also observe the cookie being sent back and forth.
Don't re-invent security frameworks. They are very hard to get right.
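The two points of the answer above (parameterized queries, and no trust in a cookie value that the client can read and send back) shown together, as an added example in Python that is not code from the original posts. An in-memory SQLite table stands in for my_table; `login`, `current_user`, `logout`, `row_count`, the `SESSIONS` store and the sample row are assumptions made for illustration.

```python
import secrets
import sqlite3

# Constructed stand-in for the page's my_table; the sample row is invented.
# pw is stored as-is only to mirror the page's schema.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE my_table (un TEXT, pw TEXT)")
db.execute("INSERT INTO my_table VALUES ('alice', 'correct horse')")

SESSIONS = {}  # server-side store: session token -> username


def login(un, pw):
    """Return a fresh session token on success, None on failure."""
    # Placeholders send un/pw as data; they never become part of the SQL text.
    row = db.execute(
        "SELECT un FROM my_table WHERE un = ? AND pw = ?", (un, pw)
    ).fetchone()
    if row is None:
        return None
    # Unlike one constant shared by every user, this value is random,
    # different for each login, and meaningless once removed from SESSIONS.
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = row[0]
    return token  # send as the cookie value, with Secure and HttpOnly set


def current_user(cookie_value):
    """Resolve a cookie to a username; unknown or revoked tokens give None."""
    return SESSIONS.get(cookie_value)


def logout(cookie_value):
    """Revoke the session on the server, whatever the client keeps sending."""
    SESSIONS.pop(cookie_value, None)


def row_count():
    """Number of rows in my_table, to confirm the table is intact."""
    return db.execute("SELECT COUNT(*) FROM my_table").fetchone()[0]


if __name__ == "__main__":
    t = login("alice", "correct horse")
    print(current_user(t), login("';DROP TABLE Users", "x"), row_count())
```

Classic ASP's built-in Session object provides the same server-side pattern without a hand-rolled store.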

Is it possible to use CFLDAP to retrieve all the users from a distribution group with only the group email address?

I'd like to use CFLDAP to retrieve all the users in a certain distribution group used by Exchange. If this is possible, what do I use for the 'filter' attribute of CFLDAP? Also, if all I have is the email address for the group (e.g. 'sales@example.com'), can I still get the user information, or do I need the name of the group that uses that email address?
For example, what would I put in the block below?
<cfldap server = "foo.example.com"
    action = "query"
    name = "ldap2"
    start = "dc=foo,dc=example,dc=com"
    attributes = "givenName,sn,sAMAccountName,mail,employeeID,dn"
    filter="?????????????"
    username="BAR\eterps"
    password="12345" >
To get the Group name from the email address, I used Active Directory Explorer. I'm sure there is a way to query for it as well.
Once I had the group name, I created my filter for CFLDAP: (&(objectClass=user)(memberOf=cn=Sales,ou=Email Distribution Groups,dc=foo,dc=example,dc=com))
So the resulting CFLDAP query looks like:
<cfldap server = "foo.example.com"
    action = "query"
    name = "ldap2"
    start = "dc=foo,dc=example,dc=com"
    attributes = "givenName,sn,sAMAccountName,mail,employeeID,dn"
    filter="(&(objectClass=user)(memberOf=cn=Sales,ou=Email Distribution Groups,dc=foo,dc=example,dc=com))"
    username="BAR\eterps"
    password="12345" >
A filter is not required when using cfldap in my experience. What happens when you run the query without a filter?
If I understand your question correctly, you can modify the start attribute with the specific Group dn, and not just the Root dn, it should only return the info from that group. If there is an attribute that points to users that are members of that group, make sure you include that in the attribute list.
If you don't modify the start attribute, your filter would be something like (cn=groupname) that points to the group you want.
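The two lookups discussed in this thread (group by e-mail address, then users by group DN) as filter builders that escape their input per RFC 4515, so a group name or address containing parentheses, "*" or a backslash cannot change the shape of the filter. This is an added example in Python, not code from the original posts; the function names are hypothetical, and the `nested` option goes beyond the thread by using Active Directory's transitive-membership matching rule.

```python
# AD matching rule for transitive (nested) membership, LDAP_MATCHING_RULE_IN_CHAIN.
IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value):
    """Escape an assertion value per RFC 4515 so it cannot alter the filter."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def group_by_mail_filter(address):
    """Step 1: locate the group that owns the address; read back its dn."""
    return "(&(objectClass=group)(mail=%s))" % escape_filter_value(address)


def members_filter(group_dn, nested=False):
    """Step 2: users that are members of the group with this DN."""
    attr = "memberOf:%s:" % IN_CHAIN if nested else "memberOf"
    return "(&(objectClass=user)(%s=%s))" % (attr, escape_filter_value(group_dn))


if __name__ == "__main__":
    base = "ou=Email Distribution Groups,dc=foo,dc=example,dc=com"
    print(group_by_mail_filter("sales@example.com"))
    print(members_filter("cn=Sales," + base))
    # Constructed group name with parentheses: unescaped, they would
    # close the memberOf term early and make the filter invalid.
    print(members_filter("cn=Sales (EMEA)," + base))
```

The string returned by each function is what goes into the cfldap filter attribute; the DN passed to step 2 is the dn value returned by the step 1 query.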

Amazon Product Advertising API: Get Average Customer Rating

When using Amazon's web service to get any product's information, is there a direct way to get the Average Customer Rating (1-5 stars)? Here are the parameters I'm using:
Service=AWSECommerceService
Version=2011-08-01
Operation=ItemSearch
SearchIndex=Books
Title=A Game of Thrones
ResponseGroup=Large
I would expect it to have a customer rating of 4.5 and total reviews of 2177. But instead I get the following in the response.
<CustomerReviews><IFrameURL>http://www.amazon.com/reviews/iframe?...</IFrameURL></CustomerReviews>
Is there a way to get the overall customer rating, besides for reading the <IFrameURL/> value, making another HTTP request for that page of reviews, and then screen scraping the HTML? That approach is fragile since Amazon could easily change the reviews page structure which would bust my application.
You can scrape from here. Just replace the asin with what you need.
http://www.amazon.com/gp/customer-reviews/widgets/average-customer-review/popover/ref=dpx_acr_pop_?contextId=dpx&asin=B000P0ZSHK
As far as I know, Amazon changed its API, so it's not possible anymore to get the reviewrank information. If you check this link, the note says:
As of November 8, 2010, only the iframe URL is returned in the request content.
However, testing with the params you used to get the iframe, it seems that now even the iframe doesn't work anymore. Thus, even in the latest API Reference, in the chapter "Motivating Customers to Buy", the part "reviews" is completely missing.
However: since I'm also very interested in whether it's still possible somehow to get the reviewrank information, maybe even not using the Amazon API but a competitor's API to get review rank information, I'll set up a bounty if anybody can provide something helpful on that. The bounty will be set in this topic in two days.
You can grab the iframe review url and then use css to position it so only the star rating shows. It's not ideal since you're not getting raw data, but it's an easy way to add the rating to your page.
Sample of this in action - http://spamtech.co.uk/positioning-content-inside-an-iframe/
Here is a VBS script that would scrape the rating. Paste the code below to a text file, rename it to Test.vbs and double click to run on Windows.
sAsin = InputBox("What is your ASIN?", "Amazon Standard Identification Number (ASIN)", "B000P0ZSHK")
if sAsin <> "" Then
    sHtml = SendData("http://www.amazon.com/gp/customer-reviews/widgets/average-customer-review/popover/ref=dpx_acr_pop_?contextId=dpx&asin=" & sAsin)
    sRating = ExtractHtml(sHtml, "<span class=""a-size-base a-color-secondary"">(.*?)<\/span>")
    sReviews = ExtractHtml(sHtml, "<a class=""a-size-small a-link-emphasis"".*?>.*?See all(.*?)<\/a>")
    MsgBox sRating & vbCrLf & sReviews
End If

Function ExtractHtml(sHtml,sPattern)
    Set oRegExp = New RegExp
    oRegExp.Pattern = sPattern
    oRegExp.IgnoreCase = True
    Set oMatch = oRegExp.Execute(sHtml)
    If oMatch.Count = 1 Then
        ExtractHtml = Trim(oMatch.Item(0).SubMatches(0))
    End If
End Function

Function SendData(sUrl)
    Dim oHttp 'As XMLHTTP30
    Set oHttp = CreateObject("Msxml2.XMLHTTP")
    oHttp.open "GET", sUrl, False
    oHttp.send
    SendData = Replace(oHttp.responseText,vbLf,"")
End Function
Amazon has completely removed support for accessing rating/review information from their API. The docs mention a Response Element in the form of customer rating, but that doesn't work either.
Google shopping using Viewpoints for some reviews and other sources
This is not possible from PAPI. You either need to scrape it by yourself, or you can use other free/cheaper third-party alternatives for that.
We use the amazon-price API from RapidAPI for this, it supports price/rating/review count fetching for up to 1000 products in a single request.