cancel
Showing results for 
Search instead for 
Did you mean: 

UAC radius attributes in ldap filter

Highlighted
Not applicable

UAC radius attributes in ldap filter

I am wondering if variables other than <USER> and <GROUP> can be used in

search filters when configuring an ldap server.

I have a sign-in policy using a realm that is configured for 802.1x certificate

authentication. The ldap configuration is used for authorization. I want to

confirm that the mac address of the client is the same as the mac address stored

in ldap.

I know that the mac address of the client is being sent during authentication

as a Calling-Station-ID radius attribute.

I would like my filter to look something like:

__(&(objectClass=ieee802Device)(cn=<USER>)(macAddress=<Calling-Station-Id>))_

Is there a way to use the radius attributes from authentication in the ldap authorization

filter? Better yet, is the mac address available in a nice preformatted form?

1 REPLY 1
Highlighted
Regular Contributor

Re: UAC radius attributes in ldap filter

Hi

You could use any radius attribute from incoming request as filter.

And the syntac you used is correct.

Regards,

Raveen