I’m new to privacyIDEA; we just set it up for Fortigate VPN login with OTP. Users are authenticated via LDAP resolvers, one resolver for each LDAP user group. It works in general, but our VPN policies for SSL-VPN contain the user group. For example: member of Admin-Group = Admin-Policy, member of User-Group = User-Policy.
Is it possible to return the LDAP user group in the RADIUS reply, so the Fortigate can match users to policies?
I found some options in the authorisation policy template, like “add_resolver_in_response” or “add_user_in_response”, but that doesn’t seem to work :-/
Any suggestions are welcome!