Referencing LDAP attributes in post-auth

Adam Track adamtrack at
Fri Dec 9 20:35:43 CET 2011

>Full debug please.
>Broadly speaking the approach you're trying should work. Most likely 
>there's some subtlety which the partial debug doesn't show.
>One obvious question: you have defined "Person-Type" in a dictionary 
>somewhere, haven't you? e.g. in raddb/dictionary:
>Also, the usual "upgrade 2.1.8 is a bit old" note goes here ;o)

I recently saw another question along the same lines as this, so decided to give this another go...
Am now running 2.1.10, and yes, Person-Type is defined in dictionary and ldap.attrmap.  I've also defined in dictionary the following in hopes of passing on the value of Person-Type to this attribute:

ATTRIBUTE       Person-Group                3001    string

For the (outer) virtual server, in the authorize block I have the following:
        update control {
                Person-Group = "%{reply:Person-Type}"

In post-auth:
     update reply {
               Reply-Message := "You are %{control:Person-Group}."

I still cannot figure out how to pass this value from authorize to 
post-auth.  BTW, this is a multi-valued attribute, so what I'm really 
trying to do is to call a perl script in post-auth to iterate through 
all possible values, and set vlan based on whether a particular value 
exists, thus shouldn't be done within authroize. Debug attached (I hope).. can't seem to post with it on here due to 100KB limit.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debug
Type: application/octet-stream
Size: 66368 bytes
Desc: not available
URL: <>

More information about the Freeradius-Users mailing list