All, We are trying to use the user_filter options to limit authentication to a single user group. The cusotmer has security rules that they want to only have users belonging to a group to have access. Sample we have tried. auth_bind = yes auth_bind_userdn = EXAMPLE\%n base = / hosts = example.test.com ldap_version = 3 user_filter = (&(sAMAccountName=)(memberOf=CN=LR3BCC-DL,OU=Autonomy,OU=Exchange,OU=Enterprise Administration,DC=example,DC=test,DC=com)) Thanks Tony
On 5.7.2012, at 16.45, Tony Hlabse wrote:> We are trying to use the user_filter options to limit authentication to a single user group. The cusotmer has security rules that they want to only have users belonging to a group to have access. Sample we have tried. > > auth_bind = yes > auth_bind_userdn = EXAMPLE\%nuser_filter is used only for userdb lookup, not for authentication. You could use pass_filter to limit authentication, but with the auth_bind_userdn setting enabled that doesn't work because its whole purpose is to skip the pass_filter.