Radius proxy request to other radius for OTP auth

Satish Patel satish.txt at gmail.com
Fri Oct 27 04:58:50 CEST 2017


Let me explain what we are trying to do. We have Cisco AnyConnect VPN
and we are using OneLogin RADIUS (https://www.onelogin.com/) for OTP.
We have our own OpenLDAP server, and OneLogin syncs our directory
service and provides auth with an OTP solution.

Recently we decided to create multiple Group Policies for VPN, and every
group will have its own permission to access applications, like Sales,
Finance, contractor, etc. In short, a contractor can't access
Finance-related applications, etc.

After reading, I found the ASA supports RADIUS attribute Class 25, where I
can create OU=sales and implement policy based on whatever the LDAP
memberOf lists for users.

But unfortunately OneLogin doesn't support that kind of attribute
mapping, and now we are stuck here, so the only solution is to deploy our
own RADIUS server and integrate with Google Authenticator.

So I have a question: is there any way I can use FreeRADIUS locally and
use attribute Class 25, and then proxy authentication to OneLogin
RADIUS?

What should I do, and what do you guys suggest here?


More information about the Freeradius-Users mailing list