Using the contents of LDAP-Group

Michael Schwartzkopff ms at
Mon Dec 14 12:20:33 CET 2020


I want to reply with the contents of the LDAP-Group Attribute.

According to the doc I have

post-auth {

  if ( LDAP-Group == "admin" ) {
    update reply {
      Reply-Message += "sysmaster"

This works. But I want to reply the contents of the LDAP Group attribut.
So I'd like to do something like

if ( LDAP-Group) {

  update reply {

    Reply-Message += "%{LDAP-Group}"



This does not work. First of all, the if condition is never met. Also
the Reply-Message is empty if

I check the (LDAP-Group == "admin"). Also tried to add the "control"
list to the attribut, but without success.

Any hints?

Mit freundlichen Grüßen,


[*] sys4 AG, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Users mailing list