Add LDAP groups as extra attributes

Phil Mayers p.mayers at imperial.ac.uk
Wed Mar 13 15:52:10 CET 2013


On 13/03/13 14:44, Robin Helgelin wrote:
> Hi!
>
> I want to add the LDAP-users current groups as extra attributes to the
> authentication reply.
>
> Is it possible? I'm having a hard time finding documentation about this.

Yes. Edit the ldap.attrmap to map the LDAP group attribute to a RADIUS 
attribute, and add the RADIUS attribute to raddb/dictionary (taking care 
to note the comments about numbering i.e. pick a number from 3000-3999). 
Don't re-use an existing attribute - many of the xxGroup attribute have 
"magic" behaviour hooks.


More information about the Freeradius-Users mailing list