Le 23/10/2013 14:12, Arran Cudbard-Bell a écrit :
(2) sql : expand: "%{User-Name}" -> '002324609e3f' (2) sql : SQL-User-Name set to "002324609e3f" rlm_sql (sql): Reserved connection (4) (2) sql : expand: "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" -> 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '002324609E3F' ORDER BY id' rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '002324609E3F' ORDER BY id' (2) sql : expand: "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" -> 'SELECT groupname FROM radusergroup WHERE username = '002324609E3F' ORDER BY priority' rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = '002324609E3F' ORDER BY priority' rlm_sql (sql): Released connection (4) (2) [sql] = noop It’s consistent with the users file, which also returns noop if not entries match.
Things like rlm_ldap are different because you’re looking for a specific object in the directory, so it’s ok to return notfound.
I guess both rlm_files and rlm_sql could return notfound if no key matched, and noop if no entry matched. Do people think this would be a useful distinction?
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Thanks for your answer. Maybe I was mistaken to rely on sql return code in the authorize section ?
If it's consistent with other modules, I'd rather modify my authenticate section to do a sql query in order to check the presence of the user, shouldn't I ? Rgds. -- Philippe MARASSE Pôle Infrastructures - Direction du Système d'Informations et de l'Organisation Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Coeur 86021 Poitiers Cedex Tel : 05.49.44.57.19