sql module and radgroup...
predrag.balorda at gmail.com
Thu Jul 8 15:12:16 CEST 2010
Would it be so difficult to add a "groupinfo" table? Just like you
have /etc/passwords you have /etc/groups so should you have userinfo
and radgroup or groupinfo or somesuch.
Namely, there is an awful kludge in radgroupreply in that if a a reply
with a group name exists then the group exists, otherwise it doesn't.
Now that's funny, it's the same thing as saying if there is an entry
in radcheck then the user exists, otherwise they don't. Which is
silly. Not only in my opinion but in the the opinion of all database
people out there. Referential integrity is non-existent. So is
A simple statement like this in your sql scripts would suffice (mysql
DROP TABLE IF EXISTS `groupinfo`;
CREATE TABLE `groupinfo` (
`id` bigint(20) NOT NULL auto_increment,
`groupname` varchar(200) default NULL,
PRIMARY KEY (`id`),
KEY name (`groupname`)
Then you can draw all sorts of relations back to this table from
radgroupcheck, radgroupreply, usergroup etc.
Try and create a radgroupreply for group "Normal", say a bandwidth
limitation of some sort. Then add another limitation but this time
make an intentional typo and put in "nOrmal" in groupname instead.
What happens? If you had referential integrity the database wouldn't
let you make such mistaks. Just like this silly gmail webmail won't
let me make mistakes and underlines them with a red squiggly line.
I'm saying all this because I'm writing a freeradius frontend (there,
that stupid red squiggly line again) - I'll probably call it
dialUpAdmin# as I'm using NHibernate, mono, asp.net2 and it's going
nice; I'll try and submit the initial version to the cvs (or is it
svn) repository sometime next week - and silliness like this pops up
everywhere. Some simple referential and entity integrity never hurt no
I'm probably talking crap here as I'll be switching to LDAP soon
enough for all this to go away, but still. It'd be nice.
More information about the Freeradius-Devel