Never mind, I figured it out. I thought I would need to do some checkReply, receiveReply options however it's not needed. All I had to put in the ldap module was this: filter = "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}})(accountStatus=active)(enabledService=wifi))" and then it rejected without problems. If someone has both these attributes set, then they can login without problems. So this is good. On 23 March 2016 at 07:18, scatmanwalks <scatmanwalks@gmail.com> wrote:
Hi,
I have LDAP authentication working fine, checked and tested. Incurred a little problem when integrating with the device, because of EAP, but now using two-stage with inner-tunnel to get around this.
Now, all that I'm left with, is how to filter out the users. I have two filters that I want to use from OpenLDAP. They are as follows:
accountStatus enabledService
I want it to check these two variables, and based on the results to accept or reject the users. So, firstly, if accountStatus = active, the user will be accepted. The second variable enabledService = wifi, if this also matches, it means they are allowed to use the WIFI network.
I already have the default filter:
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
so not sure if I just need to edit this appropriately, or another way?
Regards
Ian