LDAP-defined huntrgroups: docs, pointers, anything?
Alan DeKok
aland at deployingradius.com
Wed Mar 5 15:04:06 UTC 2025
On Mar 5, 2025, at 9:39 AM, Jostein Fossheim <jfossheim at skyfritt.net> wrote:
>
> One follow up question, I had originally a plan to define radiusAttributes that are mapped to dictionary-attributes on (user)group-objects in ldap, but I abandoned the idea.
>
> But with direct ldap-queries via unlang this should be achievable as well, shouldn’t it?
No. The mapping of LDAP to FreeRADIUS attributes is done only when the LDAP module is run.
When you run an independent LDAP query, you just get one value back.
> For instance a radiusVlanID- or a radiuswifiAccess-attribute, and do a checks on all groups which a user belongs for such attributes. If some are set, then map them to the corresponding dictionary values in the reply.
That won't work. You can't add custom behaviour without changing the source code.
i.e. the documentation and configuration doesn't say that the LDAP module supports the work flow you describe, so it won't work.
Alan DeKok.
More information about the Freeradius-Users
mailing list