Referring to module-specific information in post-auth

Alan DeKok aland at
Mon Nov 14 16:41:00 CET 2016

On Nov 11, 2016, at 5:33 PM, Stefan Paetow <Stefan.Paetow at JISC.AC.UK> wrote

> In the ldap module you have the config entries 'server' and 'base_dn'.
> In the post-auth section, I tried to do this:
> update reply {
>    Tmp-String-1 :=
> "%{ldap:ldap://${modules.ldap.server}/${modules.ldap.base_dn}?uid??(&(objec
> tClass=user)(accountMapping=%{reply:Chargeable-User-Identity}}"
> }
> On initial start the ${...} values are expected to be replaced by their
> real equivalents.

  They should be.

> Given that "policy" exists in the "policy" entry in
> radiusd.conf, and "client" in "clients.conf" (where each is defined), I
> was expecting "modules" to be accessible?

  All configuration items are accessible via the expansion ${..}  i.e. ${section.subsection1.subsection2.item}

  These strings are expanded when the server starts, and are treated as fixed strings after that.

> There is something I'm missing,
> isn't it? Something really silly?

  No idea.   What does the debug output show?

  Alan DeKok.

More information about the Freeradius-Users mailing list