LDAP groups and attributes

Jethro Carr jethro.carr at jethrocarr.com
Mon Mar 1 21:55:22 CET 2010

hi all,

I have setup a FreeRadius server which is authenticating against an
OpenLDAP database.

It's all working very nicely and I have it setup with radius attributes
being stored inside the LDAP database for each user.

However, what would be nice, would be to have the ability to store
radius attributes against groups that the user belongs to, so that when
radius queries the user, it gets all the attributes for all the groups
that the user belongs to.

I've had a look through the rlm_ldap documentation which has some
configuration options for groups, however it seems to me that this is
for authenticating users based on which group they are in, rather than
being able to fetch attributes from the groups that the user belongs to?

Is this understanding correct, or am I missing something?

thanks in advance for any help! :-)

FreeRadius version is 1.1.3 (RHEL 5 build) if that's important.


Jethro Carr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100302/1fe21d36/attachment.pgp>

More information about the Freeradius-Users mailing list