This might not help you at all, but I myself wanted to base Access-Accept and Access-Reject decisions based on LDAP group memberships and other factors. What I ended up doing was implementing the logic in a Go program using a web framework and having that program perform the LDAP query and make all the Accept/Reject decisions based on the obtained group membership information. I then used the FreeRADIUS REST module to communicate the RADIUS attributes to the Go program and use the HTTP result code returned to Accept or Reject the request. Perhaps I could have achieved something similar with Unlang (or perhaps not), but I felt more comfortable implementing the logic in Go. -Martin On Thu, Mar 7, 2019 at 1:55 PM Rong Wang <rzwang@scu.edu> wrote:
This is part of my problem as well. I am trying to get the group name of the LDAP user and write policy based on the group name and user attributes. I have no idea how to do it. Can anyone please help?
Thank you! Rong - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html