Multi-valued LDAP attribute configuration

Alan DeKok aland at
Tue Sep 12 15:13:45 CEST 2017

On Sep 12, 2017, at 9:00 AM, Srinivasa R <srinivasa.r at> wrote:
> I have installed FreeRADIUS server (Version 3.0.4)

  I would suggest upgrading to 3.0.15.

> on Cent 7 OS and
> configured the external authentication with 389-DS server using rlm_ldap
> module. I would like to authenticate the mac address of all the user which
> I have stored in LDAP. The macaddress field in LDAP is a multi value
> attribute and the Freeraiud is communicating with LDAP without any issues,
> but the freeradius is authenticating only the first macaddress value from
> LDAP's multi value field.

  That's how it works, unfortunately...

> I would like to configure the Freeradius to authenticate all the values
> from multi value filed.

  What does that mean?  To allow any of those MAC addresses to be used?

> Someone suggested that we can configure this using
> rlm_python or rlm_perl module. I am not a coder and I am not able to find
> any step by guide to configure the same. Could someone guide me on how to
> configure the Freeradius to authenticate Multi-valued LDAP attribute?

  FreeRADIUS doesn't support multivalued attributes like that.

  Alan DeKok.

More information about the Freeradius-Users mailing list