3.47.9. PostSearchHook Previous topic Parent topic Child topic Next topic

This optional parameter allows you to define a Perl function that is run during the authentication process. The hook is called after the LDAP search results have been received, and after Radiator has processed the attributes it is interested in. Hook authors can use LDAP library routines to extract other attributes and process them in any way. PostSearchHook is called once for each LDAP result, as governed by MaxRecords parameter. If there are no results, the hook is not run. See Section 3.47.13. MaxRecords.
PostSearchHook has the following arguments:
  • Handle to the current AuthBy object
  • User name
  • Pointer to the current request
  • Pointer to the User object being constructed to hold the check and reply items for the user being authenticated
  • Search result entry
  • Pointer to the reply packet currently being constructed
Here is an example of PostSearchHook:
# this example for LDAP2 gets an additional attribute,
# multiplies it by 60 and uses it for Session-Timeout
# as a reply attribute for the user
PostSearchHook sub {my $attr = $_[4]->get('someldapattr');\
            $_[3]->get_reply->add_attr('Session-Timeout',\
            $attr * 60);}
Tip
In order to get any attributes you may want to access in the PostSearchHook, you also need to add this to the <AuthBy LDAP> clause:
AuthAttrDef someldapattr
someldapattr is the name of the LDAP attribute you are going to access in the PostSearchHook.