LDAP authorization

Alan DeKok aland at deployingradius.com
Thu Mar 7 19:22:38 CET 2013


Matthew Ceroni wrote:
> That is what I tried. So I set
> 
> base_filter =
> "(&(objectclass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
> 
> But what I am finding is whether the user is found and enabled, user is
> found but disabled, or user isn't found at the output (from radius
> debug) shows

  Does that filter work when you use it with the command-line ldap
search tool?

> [ldap] user XXXXXX authorized to use remote access
> 
> So then it continues onto the authorization part. How do I get it to
> reject if the user isn't found (or user is disabled)?

  Use ldap.attrmap, as I said in my previous message.

  Alan DeKok.


More information about the Freeradius-Users mailing list