Want to include LDAP group information in Access-Accept message

[Stefan Paetow]

> I am wondering if I can set up FreeRadius to send back the LDAP groups that a user 
> is a member of. Authentication with LDAP should use the username. 

Yes.

> Is it possible to get FreeRadius to query the LDAP server to find the groups associated 
> with that username, then send this group list back to the connecting user in the Access-
> Accept message? 

Yes.

> Will this require a plugin? 

No. You can do this in the inner-tunnel (if you use EAP) and return the attribute(s) to the outer reply. You can either use an ldap xlat to retrieve information in the post-auth section (use ldapsearch to get your query right, then plug it into an ldap xlat (i.e. Attribute := "%{ldap:<ldapquery here>}"), or you can set up the ldap module right from the start, and it'll retrieve everything in one go. :-)

> Can someone give me some guidance on how to do this?



Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238