Hi, I am currently in the process of migrating our 2.2.9 setup to 3.0.11 and, naturally, stumbled over a few things (i.e. more messages will follow). It seems that SQL-User-Name is not usable in expansions any more, only when calling the module (we use authorize_check_query and authorize_reply_query). When I put this (for testing only) in my authorize section ... update { request:Stripped-User-Name := "bla" } update { control:Tmp-String-0 := "%{sql:SELECT '%{SQL-User-Name}'}" } ... I get this in the debug output: (0) authorize { (0) update { (0) request:Stripped-User-Name := "bla" (0) } # update = noop (0) update { (0) EXPAND %{Stripped-User-Name} (0) --> bla (0) SQL-User-Name set to 'bla' rlm_sql (sql): Reserved connection (1) (0) Executing select query: SELECT '' rlm_sql (sql): Released connection (1) (0) EXPAND %{sql:SELECT '%{SQL-User-Name}'} (0) --> (0) control:Tmp-String-0 := (0) } # update = noop ... So, it says that Stripped-User-Name will contain "bla", but in the query it is the empty string. Is this intended, a glitch, or am I doing something wrong? My current workaround is to escape myself (with %{escape:%{Stripped-User-Name}} and proper escape_characters in the expr config). Regards Jakob