LDAP Authentication.

scatmanwalks scatmanwalks at gmail.com
Thu Mar 24 13:22:57 CET 2016


Never mind, I figured it out.  I thought I would need to do some
checkReply, receiveReply options; however, it's not needed.  All I had to put
in the ldap module was this:

        filter = "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}})(accountStatus=active)(enabledService=wifi))"

and then it rejected without problems.  If someone has both these
attributes set, then they can log in without problems.  So this is good.

On 23 March 2016 at 07:18, scatmanwalks <scatmanwalks at gmail.com> wrote:

> Hi,
>
> I have LDAP authentication working fine, checked and tested.  Incurred a
> little problem when integrating with the device, because of EAP, but now
> using two-stage with inner-tunnel to get around this.
>
> Now, all that I'm left with, is how to filter out the users.  I have two
> filters that I want to use from OpenLDAP.  They are as follows:
>
> accountStatus
> enabledService
>
> I want it to check these two variables, and based on the results to accept
> or reject the users.  So, firstly, if accountStatus = active, the user will
> be accepted.  The second variable enabledService = wifi, if this also
> matches, it means they are allowed to use the WIFI network.
>
> I already have the default filter:
>
>         filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
>
> so not sure if I just need to edit this appropriately, or another way?
>
> Regards
>
>
> Ian
>
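
The filter from the reply above, modelled offline as an added example (not code from the original post or from FreeRADIUS): a small evaluator for the RFC 4515 subset the filter uses, run over constructed directory entries to show which users the search finds. The entries, the helper names and the escaping of the login name are assumptions of this sketch; schema matching rules such as case folding are not modelled.

```python
import re

DIRECTORY = [  # constructed sample entries, not from the original post
    {"uid": ["alice"], "accountStatus": ["active"], "enabledService": ["mail", "wifi"]},
    {"uid": ["bob"], "accountStatus": ["disabled"], "enabledService": ["wifi"]},
    {"uid": ["carol"], "accountStatus": ["active"], "enabledService": ["mail"]},
]

def escape_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_filter(user_name, stripped_user_name=None):
    # Models %{%{Stripped-User-Name}:-%{User-Name}}: stripped name if set, else User-Name.
    uid = escape_value(stripped_user_name or user_name)
    return "(&(uid=%s)(accountStatus=active)(enabledService=wifi))" % uid

def parse(f, i=0):
    """Parse the RFC 4515 subset used here: (&..), (|..), (!..), (attr=value)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if f[i + 1] in "&|!":
        op, i, children = f[i + 1], i + 2, []
        while f[i] == "(":
            child, i = parse(f, i)
            children.append(child)
        return (op, children), i + 1  # skip the closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr, value), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(c, entry) for c in node[1])
    if node[0] == "|":
        return any(matches(c, entry) for c in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    # Equality only; an attribute may hold several values and one match suffices.
    return node[2] in entry.get(node[1], [])

def lookup(user_name, stripped_user_name=None):
    """Return the uids the search would find; an empty list means no entry matched."""
    tree, _ = parse(build_filter(user_name, stripped_user_name))
    return [e["uid"][0] for e in DIRECTORY if matches(tree, e)]

if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "*"):
        print(name, "->", lookup(name) or "no entry found")
```

Only the entry that satisfies all three conditions is found; a disabled account or one without the wifi service yields no entry, which is the case the reply reports as rejected.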

