doc/rlm_sql is wrong?

Peter Nixon listuser at peternixon.net
Mon Jan 8 21:04:09 CET 2007


On Mon 08 Jan 2007 21:38, Phil Mayers wrote:
> I've been looking at using rlm_sql to replace a fairly complex set of
> Autz-Type and rlm_passwd maps. Primarily this is to speed up updates
> when e.g. blocking systems and not have to HUP the server.
>
> The doc/rlm_sql file states that processing is done with pairs of
> check/reply items at a time - that is, first the user check items are
> compared and if matches the reply items added; then for each group (in
> order of priority) the group check items are compared and if match the
> reply items added.
>
> The code in rlm_sql.c definitely does not do that, at least in 1.1.3 as
> far as I can understand the code? Instead it appears to smoosh the user
> and all the group check items together, compares them, and if they *all*
> match adds *all* the reply items.
>
> This seems to make groups pretty useless except for using the SQL-Group
> construct in the users file.
>
> Comments?

I believe you are correct. It's been a while since I looked at the SQL Groups 
functionality, but last time I did I quickly decided to do the processing I 
required from my own table structure with an SQL function. That way you get 
_exactly_ what you want at the cost of having to think about a schema that 
fits your need. Works pretty well for us :-)

Someone really needs to take a knife the the SQL Groups code.. But, there you 
have it. Feel free to help out any time you want :-)

Cheers
-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070108/6b4429bc/attachment.pgp>


More information about the Freeradius-Users mailing list