Hi everybody!
I'm a new subcriber of this list. I'm trying to setup a radius server with LDAP authentication; I've managed to authenticate a user (from a Cisco Device),
but my fellows from Security Department think that we should have a two-step authentication:
1. User/password authentication, searching in cn=users,ou=pepe,ou=jose,c=es
2. A compare request, searching a specific objectclass in the LDAP tree.
So, the idea is the following one: depending on the NAS-IP-Address, not only to check for a correct password, but search the uid in an objectclass called
owner in the entry cn=deviceX,ou=pepe,ou=jose,c=es.

deviceX is the one with the source NAS-IP-Address. I Know how to unlang using swicht statements, configuring differents ldap's modules in the radius
server, so I can write the basedn I want.

But how can do the step 2?

Thank you and sorry for my english.