configuration for retrieving LDAP security group membership

Adam Thompson athompson at
Wed Dec 14 17:02:49 CET 2016

I'm stuck with v 2.2.6, unfortunately.

For the LDAP query, should I add an "update" section to get the group membership? Where should that go, in the LDAP section of the configuration?  

Something like the following?

update {
	reply:Uplogix-User-Groups		:= 'Ldap-Group'


-----Original Message-----
From: Freeradius-Users [ at] On Behalf Of Alan DeKok
Sent: Tuesday, December 13, 2016 4:48 PM
To: FreeRadius users mailing list
Subject: Re: configuration for retrieving LDAP security group membership

On Dec 13, 2016, at 4:31 PM, Adam Thompson <athompson at> wrote:
> I need to configure FreeRADIUS Version 2.2.6 to retrieve LDAP security group membership, and am hoping someone here can help.

  It can retrieve LDAP group membership, mostly.  But it's really limited to checking LDAP group membership.

> In this case I have a web application that queries FreeRADIUS. FreeRADIUS then goes to the LDAP server and authenticates the user. User authentication works, but I've tried a couple of things to get the LDAP server to return security group membership with no luck.

  You can just do an LDAP query, and return that.

  Or, use v3, which caches LDAP group membership.  Version 2 is old and no longer supported.

  Alan DeKok.

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list