LDAP groups and attributes

John Dennis jdennis at redhat.com
Mon Mar 1 23:42:19 CET 2010

On 03/01/2010 03:55 PM, Jethro Carr wrote:
> hi all,
> I have setup a FreeRadius server which is authenticating against an
> OpenLDAP database.
> It's all working very nicely and I have it setup with radius
> attributes being stored inside the LDAP database for each user.
> However, what would be nice, would be to have the ability to store
> radius attributes against groups that the user belongs to, so that
> when radius queries the user, it gets all the attributes for all the
> groups that the user belongs to.
> I've had a look through the rlm_ldap documentation which has some
> configuration options for groups, however it seems to me that this
> is for authenticating users based on which group they are in, rather
> than being able to fetch attributes from the groups that the user
> belongs to?
> Is this understanding correct, or am I missing something?

If I understand correctly what you would like to do then check out
"profiles" in the ldap_howto.txt. A profile is a way to associate a set 
of attributes (e.g. the profile) with a user.

> thanks in advance for any help! :-)
> FreeRadius version is 1.1.3 (RHEL 5 build) if that's important.

BTW, you can find a current 2.1.8 build for RHEL 5 by visiting

John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?

More information about the Freeradius-Users mailing list