3.43.8. PostSearchHook Previous topic Parent topic Child topic Next topic

This optional parameter allows you to define a Perl function that is run during the authentication process. The hook is called after the LDAP search results have been received, and after Radiator has processed the attributes it is interested in. Hook authors can use the appropriate LDAP library routines to extract other attributes and process them in any way.
PostSearchHook has the following arguments:
  1. Handle to the current AuthBy object
  2. User name
  3. Pointer to the current request
  4. Pointer to the User object being constructed to hold the check and reply items for the user being authenticated
  5. This argument ($_[4]) has a different meaning in LDAP, LDAP2, or LDAPSDK:
    • LDAP: it is entry resulting from ldap_first_entry()
    • LDAP2: it is the entry resulting from $result->entry(0), which is the first match of the LDAP search
    • LDAPSDK: it is the result of the LDAP search() function
  6. Pointer to the reply packet currently being constructed
Here is an example of PostSearchHook:
# this example for LDAP2 gets an additional attribute,
# multiplies it by 60 and uses it for Session-Timeout
# as a reply attribute for the user
PostSearchHook sub {my $attr = $_[4]->get('someldapattr');\
            $attr * 60);}
In order to get any attributes you may want to access in the PostSearchHook, you also need to add this to the <AuthBy LDAP> clause:
AuthAttrDef someldapattr
someldapattr is the name of the LDAP attribute you are going to access in the PostSearchHook.