How to use LDAP Group attributes in post-auth section?
Alan DeKok
aland at deployingradius.com
Wed Jan 8 21:52:57 CET 2020
On Jan 8, 2020, at 1:57 PM, uj2.hahn at posteo.de wrote:
>
> Hi, Alan!
> Thanks again for very quick help. Some comments:
>
> > You can do an LDAP query, off the time limits are in LDAP.
>
> Is there any hook in the LDAP module for that? Or do you mean to call a subprocess
> like " `ldapsearch ......` " in the post-auth section? Guess this has performance disadvantages
> because it would be called by each user login.
> Is there a freeradius initialization module which can be used for this query to do it once only?
You can use dynamic expansions:
update reply {
Reply-Message := "%{ldap: ... ldap query ... }"
}
The server will run the LDAP query, and copy the string output to the attribute.
Alan DeKok.
More information about the Freeradius-Users
mailing list