If I want to authorize users based on the value of say the memberof attribute in AD, my understanding is I can do this via the filter attributes under auth source or I can write an enforcement rule to check the AD attribute. Assuming I don't need to return a RADIUS attribute to the client based on this value, does it matter which method I use? Is one way more efficient than the other?
I tried both ways in testing and it looks like the only difference for a reject is with the filter method I get a user not found message and with the enforcement method I get "Applied 'Reject' profile".
Thanks in advance.