How to use LDAP Group attributes in post-auth section?

Alan DeKok aland at
Wed Jan 8 21:52:57 CET 2020

On Jan 8, 2020, at 1:57 PM, uj2.hahn at wrote:
> Hi, Alan!
> Thanks again for very quick help. Some comments:
>   > You can do an LDAP query, off the time limits are in LDAP.
> Is there any hook in the LDAP module for that? Or do you mean to call a subprocess
> like " `ldapsearch ......` " in the post-auth section? Guess this has performance disadvantages
> because it would be called by each user login.
> Is there a freeradius initialization module which can be used for this query to do it once only?

  You can use dynamic expansions:

	update reply {
		Reply-Message := "%{ldap: ... ldap query ... }"

  The server will run the LDAP query, and copy the string output to the attribute.

  Alan DeKok.

More information about the Freeradius-Users mailing list