[thelist] ColdFusion, LDAP, and binary data

Karl Nelson knelson at psesd.wednet.edu
Tue May 7 15:50:08 CDT 2002


Your extreme solutions are, well, a bit extreme for this case!  I think
I'll just come up with a work-around.

Here's my situation:  I'm building an intranet application that uses
Active Directory for authentication, but I also need to mirror user
information and application permissions in a relational database.  The
reason for this is that records in the database are tied to users.  The
data needs to be kept for "historical" reasons--if an AD user is deleted
(when the user leaves the organization, etc.), I still want to be able to
associate information such as the user's name, etc., with the record
(without de-normalizing the database).  So, I'm mirroring user info in the
database.  I'd hoped to be able to pull the objectGUID from AD (via
cfldap) to use as a unique identifier in the database.  But ColdFusion
doesn't seem to want me to do this.  The back-up plan is to use another
value, like SAMAccountname, as a unique identifier.  But this too has
problems:  the AD account "knelson" could be deleted, and another account
could be created for an entirely different individual, but also called
"knelson."  So now my app thinks these two individuals are the same.
True, this is a remote possibility, but I'd still like to find a better
way to ensure data integrity.

Karl

Gilles Vincent writes:
>A really extreme solution should consist in 'rewriting' the LDAP protocol
>so as to manage binary results, i.e. 'just' calling an external Java class
>like this one: http://www.openldap.org/jldap/
>or writing a cfx ldap client adapted from the OpenLDAP C sources
>(all openldap sources are available for download here:
>http://developer.novell.com/ndk/downloadaz.htm )
>..hard work, I guess.. :(
>
>Another solution should consist in using a redundant index in an external
>join table, associating the pseudo-binary ldap query result to a numeric
>index (a complete initialisation and a series of triggers managing this
>join table could help, also)..
>looks bad, but who matters?
>
>Any other idea ?
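
The identifier-reuse problem discussed in this thread, as an added example that is not part of the original posts: it is written in Python rather than ColdFusion and assumes the LDAP client can return the raw 16-byte objectGUID. The table layout, function names and sample values are hypothetical; the point is that keying the mirror on the GUID keeps a reissued "knelson" separate from the deleted one.

```python
import sqlite3
import uuid

def guid_from_ad(raw: bytes) -> str:
    """Turn the 16-byte objectGUID octet string into canonical GUID text."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    # AD stores the first three GUID fields little-endian, hence bytes_le.
    return str(uuid.UUID(bytes_le=raw))

def open_mirror() -> sqlite3.Connection:
    """Hypothetical mirror schema: the GUID is the key, the login name is just data."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (guid TEXT PRIMARY KEY, sam TEXT NOT NULL,
                            name TEXT NOT NULL, active INTEGER NOT NULL);
        CREATE TABLE records (id INTEGER PRIMARY KEY, note TEXT NOT NULL,
                              owner_guid TEXT NOT NULL REFERENCES users(guid));
    """)
    return db

def sync(db, entries):
    """Mirror directory entries; users gone from AD are deactivated, never deleted."""
    seen = []
    for e in entries:
        guid = guid_from_ad(e["objectGUID"])
        seen.append(guid)
        row = (e["sAMAccountName"], e["displayName"], guid)
        cur = db.execute("UPDATE users SET sam=?, name=?, active=1 WHERE guid=?", row)
        if cur.rowcount == 0:
            db.execute("INSERT INTO users (sam, name, guid, active) VALUES (?,?,?,1)", row)
    marks = ",".join("?" * len(seen))
    db.execute(f"UPDATE users SET active=0 WHERE guid NOT IN ({marks})", seen)
    db.commit()

# Constructed sample values, not real directory data.
OLD = bytes.fromhex("00112233445566778899aabbccddeeff")
NEW = bytes.fromhex("ffeeddccbbaa99887766554433221100")

def demo():
    db = open_mirror()
    sync(db, [{"objectGUID": OLD, "sAMAccountName": "knelson", "displayName": "Original User"}])
    db.execute("INSERT INTO records (note, owner_guid) VALUES (?, ?)", ("historical record", guid_from_ad(OLD)))
    # The account is deleted and the login name is reissued to someone else.
    sync(db, [{"objectGUID": NEW, "sAMAccountName": "knelson", "displayName": "New Hire"}])
    owners = db.execute("SELECT u.name, u.active, r.note FROM records r "
                        "JOIN users u ON u.guid = r.owner_guid").fetchall()
    same_login = db.execute("SELECT COUNT(*) FROM users WHERE sam='knelson'").fetchone()[0]
    return owners, same_login
```

Calling `demo()` shows the historical record still attached to the deactivated original user while two distinct rows share the login name.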



