LDAP authorization
Alan DeKok
aland at deployingradius.com
Thu Mar 7 19:22:38 CET 2013
Matthew Ceroni wrote:
> That is what I tried. So I set
>
> base_filter =
> "(&(objectclass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
>
> But what I am finding is whether the user is found and enabled, user is
> found but disabled, or user isn't found at the output (from radius
> debug) shows
Does that filter work when you use it with the command-line ldap
search tool?
> [ldap] user XXXXXX authorized to use remote access
>
> So then it continues onto the authorization part. How do I get it to
> reject if the user isn't found (or user is disabled)?
Use ldap.attrmap, as I said in my previous message.
Alan DeKok.
More information about the Freeradius-Users
mailing list