I have configured freeradius successfully to authenticate users using IEEE802.1x && openLDAP as a back-end DB.

I have seen that we can add `ldap` to the authorize section like this:

authorize {
  ...
  ldap
  ...
}
and we can forbid some users according to openLDAP attribute

authorize {
  ...
  ldap
  if (reply:Eduroam-Enabled != "Y") {
    reject
  }
  ...
}

But what if we want to do authorization like this:

We have multiple web servers:

192.168.1.5
192.168.1.6
192.168.1.7

And we want only some users to have access to `192.168.1.5` web server, how can we forbid other users to access this web server or restrict this web servers to some users according to openLDAP attribute or openLDAP group?

Is there could be done using "authorize" section or "post-auth" section? (provide me with links please)