I would like to lock down one of my validation servers to just a particular group. The connection is for a Junos Pulse VPN and we are using the username-ldappassword-authentication sequence. It is set up to use a user store that is shared with another VPN, so I do not want to restrict the group on the user store itself. Where would I go and what filter would I enter to get this working? I have tried Radius to LDAP mapping using mapping attribute login_lat_group and setting up the secondary query, but it keeps telling me there is a validation error.
I have it set as:
search attribute=member
secondary base dn = ou=groups,o=coname
secondary filter = (&(objectClass=groupofNames)(cn=token_users,ou=multifactor,ou=corp,ou=application_access,ou=groups,o=coname)
LDAP Mapping Attribute=member
Am I not setting this in the correct spot or missing something else?