Multi-valued LDAP attribute configuration

Steffen Klemer steffen.klemer at
Tue Sep 12 18:36:37 CEST 2017

Am Di, 12.09.2017 um 18:30 schrieb Srinivasa R
<srinivasa.r at>:

> I have installed FreeRADIUS server (Version 3.0.4) on Cent 7 OS and
> configured the external authentication with 389-DS server using
> rlm_ldap module. I would like to authenticate the mac address of all
> the user which I have stored in LDAP. The macaddress field in LDAP is
> a multi value attribute and the Freeraiud is communicating with LDAP
> without any issues, but the freeradius is authenticating only the
> first macaddress value from LDAP's multi value field.
> I would like to configure the Freeradius to authenticate all the
> values from multi value filed. Someone suggested that we can
> configure this using rlm_python or rlm_perl module. I am not a coder
> and I am not able to find any step by guide to configure the same.
> Could someone guide me on how to configure the Freeradius to
> authenticate Multi-valued LDAP attribute?

I used unlang features to implement sth. like this. I think you can
adapt it to your use case.

In the LDAP module I have sth like

update {
  request:gwdg-user-services += 'userServices'

where userServices is multi-valued and sometimes included

In the site I check against all occurrences:

if ( &gwdg-user-services[*] !~ /eduroamNotAllowed/ ) {


Steffen Klemer                     E-Mail: Steffen.Klemer at
                                   Tel:    +49 551 201 2170

GWDG - Gesellschaft für wissenschaftliche
Datenverarbeitung mbH Göttingen
Am Faßberg 11, 37077 Göttingen

Tel:    +49 551 201-1523
E-Mail: support at

Tel:    0551 201-1510
Fax:    0551 201-2150
E-Mail: gwdg at
Geschäftsführer:           Prof. Dr. Ramin Yahyapour
Aufsichtsratsvorsitzender: Prof. Dr. Christian Griesinger
Sitz der Gesellschaft:     Göttingen
Registergericht: Göttingen, Handelsregister-Nr. B 598
Zertifiziert nach ISO 9001

More information about the Freeradius-Users mailing list