> why call LDAP in the outerid for EAP- surely call it in the inner-tunnel instead
> (and put some protection around it so that its only called when needed - right
> now, if you look, you'll see your LDAP whacked all over the place during requests
> coming through - at least 3x more queries to the LDAP than you need.)
Well, thanks so much Alan, putting all of this into the inner-tunnel authorization block finally allows me to get the value in post-auth block (of the inner-tunnel). The reason why I put this into the outer tunnel was because I'm calling LDAP for authorization only so I didn't think it should mix with the authentication
done in the inner tunnel, where EAP comes into play.. guess I was wrong.