unlang and optimization

Jason 'XenoPhage' Frisvold xenophage at godshell.com
Thu Apr 25 20:32:17 CEST 2013


Greetings,

	I'm looking for some information on optimizing some of the
configuration I've made in my FreeRADIUS 2.2.0 installation.
Specifically, I need to set a variable based on the LDAP Group
membership of a user.  I'm doing this in the post-auth section at the
moment, which I think is correct.  The syntax I'm using is as follows:

if (LDAP-Group == "cn=violations,ou=groups,o=mycorp") {
   update request {
      Tmp-String-0 := "VIOLATORS"
   }
}
elsif (LDAP-Group == "cn=guests,ou=groups,o=mycorp") {
   update request {
      Tmp-String-0 := "GUEST"
   }
}

	This seems to work fine, but I'm not sure if this is the right way to
go about it.  LDAP is getting a query for each if statement which
seems a little much?  Is there a way to have the full memberOf list
sent back to RADIUS in one shot and then have it processed internally
without having to beat up LDAP?

	I had tried to use a switch/case statement to do this as well, but
that doesn't seem to work.  Two questions here.  First, is switch/case
better to use for this or is it functionally equivalent to the
if/elsif statement?  And second, the syntax I used is below.  Did I do
something wrong, or is this not supported?

switch LDAP-Group {
   case "cn=violations,ou=groups,o=mycorp" {
      update request {
         Tmp-String-0 := "VIOLATORS"
      }
   }
   case "cn=guests,ou=groups,o=mycorp" {
      update request {
         Tmp-String-0 := "GUEST"
      }
   }
}


Thanks,

-- 
---------------------------
Jason 'XenoPhage' Frisvold
xenophage at godshell.com
---------------------------

"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law