I am using LDAP authorization. What I am looking to accomplish is to reject/deny (so not even attempt authentication) for disabled users.
I am authentication against AD (use LDAP for authorize and ntlm for authentication).
If I were to search for all none disabled users using ldapsearch, the filter query for this would be: !(userAccountControl:1.2.840.113556.1.4.803:=2)
That is the part that limits the results to only enabled users. Wondering how I would do this in FreeRadius? Even on a more general level how I would reject based off certain returned attributes.
Thanks