Best Practices - maximum NAS entries in clients.conf

Fajar A. Nugraha list at fajar.net
Tue Sep 13 13:54:21 CEST 2011


On Tue, Sep 13, 2011 at 5:04 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>>> With current sql module (that only reads nas list from sql during
>>> startup/HUP) I can use one sql/mysql/*.conf to specify the query, and
>>> have each sql instance $INCLUDE it. If we can do similar thing with
>>> "%{sql:" expansion (e.g. store the query in some temporary internal
>>> variable/attribute) it'd be reduce the measiness greatly, but I
>>> haven't found out how to do it yet.
>>
>> You can't. It's not currently possible, and would require changes to the
>> source code.
>
> Wait, I think I've misunderstood you.
>
> Do you mean something like this?
>
> update control {
>  SQL-Query := "select * from foo where bar=1"
> }
> sql_redundant_xlat
> # output now in control:Tmp-String-0
>
> ...then in policy.conf:
>
> policy {
>  sql_redundant_xlat {
>    update control {
>      Tmp-String-0 := "%{sql1:%{control:SQL-Query}}"
>    }
>    if (control:Tmp-String-0 == "") {
>      update control {
>        Tmp-String-0 := "%{sql2:%{control:SQL-Query}}"
>      }
>    }
>  }
> }

Hmm .... now that you wrote it in example it looks pretty easy :)

I have to do some testing later. I forgot whether in the past I used
temporary radius attribute (SQL-Query in your example) or
configuration variable (using  ${section.subsection.variable}). At
that time some characters on the query got escaped so the queries
resulted in an error.

I'll update the results later. Thanks.

-- 
Fajar




More information about the Freeradius-Users mailing list