1 files changed, 16 insertions, 0 deletions

diff --git a/radsecproxy.conf.5.xml b/radsecproxy.conf.5.xml
index 428f2de..2b6367c 100644
--- a/radsecproxy.conf.5.xml
+++ b/radsecproxy.conf.5.xml
@@ -644,6 +644,7 @@ blocktype name {
       <literal>AddTTL</literal>, <literal>rewrite</literal>,
       <literal>rewriteIn</literal>, <literal>rewriteOut</literal>,
       <literal>statusServer</literal>, <literal>retryCount</literal>,
+      <literal>dynamicLookupCommand</literal> and
       <literal>retryInterval</literal> and
       <literal>LoopPrevention</literal>.
     </para>
@@ -679,6 +680,21 @@ blocktype name {
       an interval of 5s.
     </para>
     <para>
+      The option <literal>dynamicLookupCommand</literal> can be used
+      to specify a command that should be executed to dynamically
+      configure a server.  The executable file should be given with
+      full path and will be invoked with the name of the realm as its
+      first and only argument.  It should either print a valid
+      <literal>server</literal> option on stdout and exit with a code
+      of 0 or print nothing and exit with a non-zero exit code.  An
+      example of a shell script resolving the DNS NAPTR records for
+      the realm and then the SRV records for each NAPTR matching
+      'x-eduroam:radius.tls' is provided in
+      <literal>tools/naptr-eduroam.sh</literal>.  This option was
+      added in radsecproxy-1.3 but tends to crash radsecproxy versions
+      earlier than 1.6.
+    </para>
+    <para>
       Using the <literal>LoopPrevention</literal> option here
       overrides any basic setting of this option.  See section
       <literal>BASIC OPTIONS</literal> for details on this option.