sql module and radgroup...
Alan DeKok
aland at deployingradius.com
Thu Jul 8 16:16:54 CEST 2010
predrag balorda wrote:
> Would it be so difficult to add a "groupinfo" table? Just like you
> have /etc/passwords you have /etc/groups so should you have userinfo
> and radgroup or groupinfo or somesuch.
> Namely, there is an awful kludge in radgroupreply in that if a a reply
> with a group name exists then the group exists, otherwise it doesn't.
? The reply is allowed to be empty. If it is empty, it has no effect
on group membership.
> Now that's funny, it's the same thing as saying if there is an entry
> in radcheck then the user exists, otherwise they don't. Which is
> silly. Not only in my opinion but in the the opinion of all database
> people out there. Referential integrity is non-existent. So is
> entity-integrity.
I have no idea what that means.
> A simple statement like this in your sql scripts would suffice (mysql
> exaple here)
>
> DROP TABLE IF EXISTS `groupinfo`;
> CREATE TABLE `groupinfo` (
> `id` bigint(20) NOT NULL auto_increment,
> `groupname` varchar(200) default NULL,
> PRIMARY KEY (`id`),
> KEY name (`groupname`)
> );
>
> Then you can draw all sorts of relations back to this table from
> radgroupcheck, radgroupreply, usergroup etc.
Sure. That's useful, but not required.
I've seen 7 figure commercial solutions with *less* referential
integrity than the default FreeRADIUS schema.
> Try and create a radgroupreply for group "Normal", say a bandwidth
> limitation of some sort. Then add another limitation but this time
> make an intentional typo and put in "nOrmal" in groupname instead.
> What happens? If you had referential integrity the database wouldn't
> let you make such mistaks. Just like this silly gmail webmail won't
> let me make mistakes and underlines them with a red squiggly line.
You can supply a patch to the SQL schema && statements to add this
capability. The software *is* open source.
> I'm saying all this because I'm writing a freeradius frontend (there,
> that stupid red squiggly line again) - I'll probably call it
> dialUpAdmin# as I'm using NHibernate, mono, asp.net2 and it's going
> nice; I'll try and submit the initial version to the cvs (or is it
> svn) repository sometime next week
'git'.
> - and silliness like this pops up
> everywhere. Some simple referential and entity integrity never hurt no
> one.
Sure. But it's one more requirement before people get the server up
and running.
> I'm probably talking crap here as I'll be switching to LDAP soon
> enough for all this to go away, but still. It'd be nice.
As always, patches are welcome.
Alan DeKok.
More information about the Freeradius-Devel
mailing list