Check in users file using a string attribute obtained from ldap

Alan DeKok aland at
Fri Dec 24 16:09:52 CET 2010

Kostas Zorbadelos wrote:
> - have freeradius query an ldap server to get the usual user entry with one 
> check and a few reply attributes
> - have after that a users file, that based on the check attribute obtained 
> before by the ldap module make some processing (eg add a few common reply 
> attributes)

  The "users" file can't really do this.

> I looked at the source code and from what I understood the ldap module puts 
> all check items in the so called control (or check list), while rlm_file makes 
> checks in the request list


> So I figured that doing an unlang update request would solve the problem.
>         update request {
>                 Group = "%{control:Ascend-Group}"

  Uh... that is wrong on a number of levels.  The "Group" attribute has
an existing definition: Unix group comparison.  You can't use it for
anything else.

  See raddb/dictionary for how to create local attributes.

  Alan DeKok.

More information about the Freeradius-Users mailing list