I am wondering if variables other than <USER> and <GROUP> can be used in search filters when configuring an ldap server. I have a sign-in policy using a realm that is configured for 802.1x certificate authentication. The ldap configuration is used for authorization. I want to confirm that the mac address of the client is the same as the mac address stored in ldap. I know that the mac address of the client is being sent during authentication as a Calling-Station-ID radius attribute. I would like my filter to look something like: __(&(objectClass=ieee802Device)(cn=<USER>)(macAddress=<Calling-Station-Id>))_ Is there a way to use the radius attributes from authentication in the ldap authorization filter? Better yet, is the mac address available in a nice preformatted form?
... View more