User Guide
Chapter 1: ColdFusion Tags 119
The CFSSL_BASIC type of security provides V2 SSL, and the CFSSL_CLIENT_AUTH
type of security provides V3 SSL. V2 SSL provides encryption and server
authentication. V3 SSL adds to this certificate-based client authentication.
Both forms of security encrypt the conversation, and the server always sends a digital
certificate to confirm that it is the right server.
For CFSSL_BASIC, you must also specify the CFLDAP attributes USERNAME and
PASSWORD to authenticate yourself. V2 then encrypts the password prior to
transmission.
For CFSSL_CLIENT_AUTH, you do not send a user name and password; instead, you
perform authentication by a digital certificate that you send to the server.
CFSSL_CLIENT_AUTH is much more secure; however, it is difficult to administer since
all the clients must have certificates, which the server must be able to validate, and all
the certificates must have keys associated with them and passwords to protect those
keys.
Example <!--- This example shows the use of CFLDAP --->
<HTML>
<HEAD>
<TITLE>CFLDAP Example</TITLE>
</HEAD>
<BODY bgcolor=silver>
<H3>CFLDAP Example</H3>
<P>CFLDAP provides an interface to LDAP (Lightweight Directory Access
Protocol) directory servers like BigFoot
(<a href="http://www.bigfoot.com">http://www.bigfoot.com</A>).
<P>Enter a name (try your own name) and search a public LDAP resource.
...
<!--- If the server has been defined, run the query --->
<CFIF IsDefined("form.server")>
<!--- check to see that there is a name listed --->
<CFIF form.name is not "">
<!--- make the LDAP query --->
<CFLDAP
SERVER="ldap.bigfoot.com"
ACTION="QUERY"
NAME="results"
START="cn=#name#,c=US"
FILTER="(cn=#name#)"
ATTRIBUTES="cn,o,l,st,c,mail,telephonenumber"
SORT="cn ASC">
<!--- Display results --->
<CENTER>
<TABLE BORDER=0 CELLSPACING=2 CELLPADDING=2>
<TR>
<TH COLSPAN=5><CFOUTPUT>#results.RecordCount# matches found
</CFOUTPUT></TH>
</TR>
<TR>