How to use LDAP Group attributes in post-auth section?
uj2.hahn at posteo.de
uj2.hahn at posteo.de
Thu Jan 9 11:21:47 CET 2020
Hah!!
This works very well! Not only in LDAP module but in post-auth section
of default file as well.
And not only related to radius profile LDAP attributes but to any!
It took me a while to find out the right syntax but finally I found it
in the documentation:
update reply {
Reply-Message :=
"%{ldap:ldap:///cn=gast,ou=groups,dc=kms,dc=de?radiusLoginTime}"
}
Thanks a lot (again)!
Regards
Uwe
On 08.01.2020 21:52, Alan DeKok wrote:
> On Jan 8, 2020, at 1:57 PM, uj2.hahn at posteo.de wrote:
>
>> Hi, Alan!
>> Thanks again for very quick help. Some comments:
>>
>>> You can do an LDAP query, off the time limits are in LDAP.
>>
>> Is there any hook in the LDAP module for that? Or do you mean to call a subprocess
>> like " `ldapsearch ......` " in the post-auth section? Guess this has performance disadvantages
>> because it would be called by each user login.
>> Is there a freeradius initialization module which can be used for this query to do it once only?
>
> You can use dynamic expansions:
>
> update reply {
> Reply-Message := "%{ldap: ... ldap query ... }"
> }
>
> The server will run the LDAP query, and copy the string output to the attribute.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html [1]
Links:
------
[1] http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list