I am wondering if variables other than <USER> and <GROUP> can be used in
search filters when configuring an ldap server.
I have a sign-in policy using a realm that is configured for 802.1x certificate
authentication. The ldap configuration is used for authorization. I want to
confirm that the mac address of the client is the same as the mac address stored
I know that the mac address of the client is being sent during authentication
as a Calling-Station-ID radius attribute.
I would like my filter to look something like:
Is there a way to use the radius attributes from authentication in the ldap authorization
filter? Better yet, is the mac address available in a nice preformatted form?
You could use any radius attribute from incoming request as filter.
And the syntac you used is correct.