Questions about ldap authentication, huntgroup and authorize file

Alan DeKok aland at
Thu Oct 12 17:31:53 CEST 2017

On Oct 12, 2017, at 10:52 AM, Jérôme BERTHIER <Jerome.Berthier at> wrote:
> Yes thanks you
> but as far as I see, this syntax does not work inside the file authorize.

  It's not supposed to work there.  You need to put it into the "default" virtual server.

> I tried to create a specific module file for a specific ldap instance myldap1 then I called it in the file authorize.
> In both cases, the module authorize is not validated for starting radiusd :
> /etc/raddb/mods-config/files/authorize[228]: Parse error (check) for entry DEFAULT: Unknown attribute "myldap1-Ldap-Group"
> Failed reading /etc/raddb/mods-config/files/authorize
> /etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"

  That should work if the server is configured correctly.

  Again... post the debug output.  ALL of it.

> I understand that it is possible to use specific ldap instance and to call it to parse group using <myldap>-Ldap-Group but it seems that it is not supported in the file authorize.

  It is supported.  You may need to fix your configuration.

  Alan DeKok.

More information about the Freeradius-Users mailing list