LDAP Authentication.
scatmanwalks
scatmanwalks at gmail.com
Thu Mar 24 13:22:57 CET 2016
Never mind, I figured it out. I thought I would need to do some
checkReply, receiveReply options however it's not needed. All I had to put
in the ldap module was this:
filter =
"(&(uid=%{%{Stripped-User-Name}:-%{User-Name}})(accountStatus=active)(enabledService=wifi))"
and then it rejected without problems. If someone has both these
attributes set, then they can login without problems. So this is good.
On 23 March 2016 at 07:18, scatmanwalks <scatmanwalks at gmail.com> wrote:
> Hi,
>
> I have LDAP authentication working fine, checked and tested. Incurred a
> little problem when integrating with the device, because of EAP, but now
> using two-stage with inner-tunnel to get around this.
>
> Now, all that I'm left with, is how to filter out the users. I have two
> filters that I want to use from OpenLDAP. They are as follows:
>
> accountStatus
> enabledService
>
> I want it to check these two variables, and based on the results to accept
> or reject the users. So, firstly, if accountStatus = active, the user will
> be accepted. The second variable enabledService = wifi, if this also
> matches, it means they are allowed to use the WIFI network.
>
> I already have the default filter:
>
> filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
>
> so not sure if I just need to edit this appropriately, or another way?
>
> Regards
>
>
> Ian
>
More information about the Freeradius-Users
mailing list