LDAP-defined huntgroups: docs, pointers, anything?

Alan DeKok aland at deployingradius.com
Wed Mar 5 12:07:54 UTC 2025


  Please only send messages to one list.  There is no need to send the same messages to multiple lists.

On Mar 5, 2025, at 7:01 AM, Jostein Fossheim via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> We are working on a setup with freeradius using freeipa's ldap-server as a backend for freeradius.
> 
> I have successfully expanded the LDAP-schema with radius-attributes, etc.

  That's good.

> Users, usergroups and clients (IPs and secrets) can be defined via ldap. I am hoping to be able to define huntgroups as well, but I have not found any detailed information on how to proceed.

  The "huntgroups" file format goes back to 1993.  It's defined for local files, and there's no similar functionality for LDAP.

> There is this howto for SQL-based backends, and random searches and LLM-queries don't get me any further:
> 
> https://wiki.freeradius.org/guide/SQL-Huntgroup-HOWTO
> 
> I am not certain if this really is a question for the user list or the devel list, but I can try both.

  Please just post to one list.  The list description for the "devel" list says that it's for people modifying the server source.

  For doing huntgroup-style configuration in LDAP, you will need to define the LDAP schema and queries yourself.  Then, write them in unlang policies.

  And please submit the results back.  We can include them in future releases.

  Alan DeKok.
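
Added example, not part of the original message and not code shipped with FreeRADIUS: one way the "LDAP query in an unlang policy" approach could look in FreeRADIUS 3.x, mirroring what the SQL howto does with a SQL lookup. The policy name, the ou=huntgroups container, the base DN and the use of radiusNASIpAddress to list member NASes are all assumptions; substitute your own schema and DNs.

```unlang
# raddb/policy.d/ldap_huntgroup   (hypothetical file and policy name)
#
# Assumed directory layout, constructed for this example:
#
#   dn: cn=wireless,ou=huntgroups,dc=example,dc=org
#   cn: wireless
#   radiusNASIpAddress: 192.0.2.10
#   radiusNASIpAddress: 192.0.2.11
#
# Assumes the LDAP module instance is named "ldap", so that the
# %{ldap:...} expansion is available, and that the empty host part in
# ldap:/// makes the lookup use the server configured for that instance.
ldap_huntgroup {
	# Find the huntgroup entry that lists this NAS and copy its cn
	# into the internal Huntgroup-Name attribute of the request.
	update request {
		&Huntgroup-Name := "%{ldap:ldap:///ou=huntgroups,dc=example,dc=org?cn?one?(radiusNASIpAddress=%{NAS-IP-Address})}"
	}

	# No matching entry gives an empty expansion. Remove the attribute
	# so later checks do not see a huntgroup with an empty name.
	if (&Huntgroup-Name == "") {
		update request {
			&Huntgroup-Name !* ANY
		}
	}
}

# In sites-enabled/default, inside "authorize { ... }", call the policy
# before anything that depends on the huntgroup, then test it:
#
#	ldap_huntgroup
#
#	if (&Huntgroup-Name == "wireless") {
#		# per-huntgroup policy goes here
#	}
```

The lookup runs once per request, so index the attribute used in the filter on the LDAP server. Requests from a NAS with no matching entry carry no Huntgroup-Name and should be handled by an explicit default rather than falling through.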


