force exit on instantiated ldap module

Ramon Escriba escriba at
Wed Nov 2 18:31:52 CET 2016

Hi experts,
I'm running a Radius 3.0.10; the config is working fine, I'm just asking for advice on doing one step in a faster way.

I've declared multiple LDAP instances "vlan1, vlan2 ... vlanN" in /etc/raddb/mods-enabled/ldap.
Each one queries just the ldap subtree assigned to a particular vlan.
Each vlan subtree contains its allowed MACs (uid=mac).
Each mac (uid) has all the needed radius attributes for the radius accept packet, which are populated from ldap.

Actually, all ldap instances are asked for every "uid=mac" in sequence, so if there's a match, the attributes are updated from the ldap.

Unfortunately, if one "mac" matches two ldap instances (e.g. vlan1 & vlan2), the last matched instance (vlan2) overwrites the previously populated attributes (vlan1).

My goal is somehow to stop ldap executing the next instances (vlan2, vlan3 ... N) if the actual one (vlan1) got the jackpot, to avoid so many ldap queries.

Right now I'm forced to use an inverse priority (the last match got the jackpot), which is not the right solution.
Any clues, or advice?


authorize {
	eap {
		ok = return
	}

	# ldap instance asking for mac in vlan1
	vlan1 {
		ok = return
		#noop = return
	}

	# ldap instance asking for mac in vlan2
	vlan2 {
		ok = return
	}

	# ldap instance asking for mac in vlanN
	vlanN {
		ok = return
	}
}

