I am using LDAP authorization. What I am looking to accomplish is to reject/deny (so not even attempt authentication) for disabled users.

I am authentication against AD (use LDAP for authorize and ntlm for authentication).

If I were to search for all none disabled users using ldapsearch, the filter query for this would be: !(userAccountControl:1.2.840.113556.1.4.803:=2)

That is the part that limits the results to only enabled users. Wondering how I would do this in FreeRadius? Even on a more general level how I would reject based off certain returned attributes.

Thanks