> > ...where the three ldap instances above are identical except the filter which > is: > > ldap_macauth: > filter = > "(&(macAddress=%{Calling-Station-Id})(radiusNASIpAddress=%{NAS-IP-Address})(radiusHint=%{NAS-Port}))" > ldap_macauth_NAS_only: > filter = > "(&(macAddress=%{Calling-Station-Id})(radiusNASIpAddress=%{NAS-IP-Address}))" > ldap_macauth_mobility: > filter = "(macAddress=%{Calling-Station-Id})"
No. It's a really inefficient way of doing this. Use generic attribute maps or an update ldap schema to pull the necessary values into control attributes, and then do the comparison in policy language. Otherwise you end up doing multiple LDAP queries which are comparatively extremely slow to anything else you're doing in the policy. Arran Cudbard-Bell <a.cudba...@freeradius.org> FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html