This optional parameter allows you to define a Perl function
that is run during the authentication process. The hook is called after
the LDAP search results have been received, and after Radiator has
processed the attributes it is interested in. Hook authors can use LDAP
library routines to extract other attributes and process them in any way.
PostSearchHook is called once for each LDAP result,
as governed by
MaxRecords parameter. If there are no
results, the hook is not run. See
Section 3.47.13. MaxRecords.
PostSearchHook
has the following arguments:
- Handle to the current AuthBy object
- User name
- Pointer to the current request
- Pointer to the User object being constructed to hold the check and
reply items for the user being authenticated
- Search result entry
- Pointer to the reply packet currently being constructed
Here is an example of
PostSearchHook:
# this example for LDAP2 gets an additional attribute,
# multiplies it by 60 and uses it for Session-Timeout
# as a reply attribute for the user
PostSearchHook sub {my $attr = $_[4]->get('someldapattr');\
$_[3]->get_reply->add_attr('Session-Timeout',\
$attr * 60);}
Tip
In order to get any
attributes you may want to access in the
PostSearchHook, you also need to add this to the
<AuthBy LDAP> clause:
AuthAttrDef someldapattr
someldapattr
is the name of the LDAP attribute you are going to access in the
PostSearchHook.
