Authorizing using LDAP attributes

Clayton Knorr clayton.knorr at
Mon May 9 17:25:58 CEST 2016

Ok I got this to work in my freeradius 2.1.x setup.

I changed the attribute map to a reply item, then in sites-enabled/default I changed my logic to include reply:My-Local-String along with Alan's ldap.authorize.

        if ( Called-Station-Id == "AC-86-74-46-65-91:Peep" && reply:My-Local-String == "A1000" ) {

        else {

-----Original Message-----
From: Freeradius-Users [ at] On Behalf Of Alan DeKok
Sent: Monday, May 9, 2016 9:58 AM
To: FreeRadius users mailing list <freeradius-users at>
Subject: Re: Authorizing using LDAP attributes

On May 9, 2016, at 9:29 AM, Clayton Knorr <clayton.knorr at> wrote:
> Adding ldap.authorize to the post-auth section didn't seem to change anything except adding a "++[ldap.authorize] returns ok" to the logs

  Hmm... it should show it adding the attributes.

> Is there a preferred way to do this I can use in version 2.2.x? 

  Upgrade to 3.0.

  Alan DeKok.

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list