Using Windows NT Authentication

Owned by Matthew Williams
Last updated: Jul 18, 2007 by Geoff BowersVersion comment

Active Directory Integration

Before you can set up Active Directory or Windows Domain authentication you need to register NTAdmin.dll to enable ColdFusion to talk to Active Directory.

This could also be done using Active Directory's LDAP interface.

Instructions

Basic steps for Active Directory integration are:

  • register NTAdmin.dll for use as a com object (file can be found under farcry_core/admin/install/dmSec_files). I find it easiest to copy this file to your winnt/system32 directory and then from the command prompt run this:
regsvr32 c:\winnt\system32\ntadmin.dll
  • create a new FarCry user directory (<yourApp> / config / _dmSecUserDirectories.cfm) with typename of "ADSI" and the domain of your active directory eg
./config/_dmSecUserDirectories.cfm
 Application.dmSec.UserDirectory.AD= StructNew();
 temp = Application.dmSec.UserDirectory.AD;
 temp.type="ADSI";
 temp.domain="mydomain.com";
  • update your application scope (append updateapp=1 to your url)
  • log in to FarCry, click on security tab, policy sub tab and finally map policy group. You will need to map the AD groups across to FarCry policy groups. Eg if your AD user belongs to a sysadmin group, you would map the AD sysadmin group to the FarCry sysadmin group. Then that user can log in with standard AD details and have full sysadmin access.

That's it. Your users should be able to log in as normal.

Note you can't view/modify AD users from FarCry.