First, I used Softerra's LDAP browser to figure out what I needed to gain access to our AD.
Specifically, I had to use this bind technique:
CFLDAP attempt leaving out username:
<CFLDAP action="query" name="results" start="CN=js9999,OU=XXXXX,OU=Users,OU=xxxxx,DC=XXXXXX,DC=xxx,DC=com" attributes="*" server="ouradserver.bigcorp.com" />
RESULT: An error has occured while trying to execute query :[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772 ].
Attempt with username and no password:
<CFLDAP action="query" name="results" start="CN=js9999,OU=XXXXX,OU=Users,OU=xxxxx,DC=XXXXXX,DC=xxx,DC=com" attributes="*" server="ouradserver.bigcorp.com" username="js9999" />
RESULT: The system has attempted to use an undefined value, which usually indicates a programming error, either in your code or some system code. Null Pointers are another name for undefined values.
It insists on a password, which I do NOT want to provide.
Attempt with "rebind" parameter:
<CFLDAP action="query" name="results" start="CN=js9999,OU=XXXXX,OU=Users,OU=xxxxx,DC=XXXXXX,DC=xxx,DC=com" attributes="*" server="ouradserver.bigcorp.com" rebind="yes" />
RESULT: An error has occured while trying to execute query :[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1 ].
Does CFLDAP support this scenario? (bind using provably-authenticated current user)
ColdFusion 9 is running under IIS 7 on a Windows 2008 server.