How to use LDAP Group attributes in post-auth section?

uj2.hahn at uj2.hahn at
Thu Jan 9 11:21:47 CET 2020

 This works very well! Not only in LDAP module but in post-auth section
of default file as well.
 And not only related to radius profile LDAP attributes but to any!
 It took me a while to find out the right syntax but finally I found it
in the documentation:

 update reply {
 Reply-Message :=

Thanks a lot (again)!


On 08.01.2020 21:52, Alan DeKok wrote: 

> On Jan 8, 2020, at 1:57 PM, uj2.hahn at wrote:
>> Hi, Alan!
>> Thanks again for very quick help. Some comments:
>>> You can do an LDAP query, off the time limits are in LDAP.
>> Is there any hook in the LDAP module for that? Or do you mean to call a subprocess
>> like " `ldapsearch ......` " in the post-auth section? Guess this has performance disadvantages
>> because it would be called by each user login.
>> Is there a freeradius initialization module which can be used for this query to do it once only?
> You can use dynamic expansions:
> update reply {
> Reply-Message := "%{ldap: ... ldap query ... }"
> }
> The server will run the LDAP query, and copy the string output to the attribute.
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See [1]


More information about the Freeradius-Users mailing list