rlm_sql.c in 2.0.0-pre2
Phil Mayers
p.mayers at imperial.ac.uk
Sat Jul 7 16:13:46 CEST 2007
> Unfortunately whoever modified rlm_sql in cvs head chose a very
> inefficient querying system.
So change it - stored procedures maybe?
>
> First you query to pull out group membership, second you query to get
> each groups check items, then to get each groups reply items ... It just
> doesn't scale when a users a member of lots of groups.
>
> Previously you pulled out all the records for all the groups a user was
> a member of in two queries, one for check items and one for reply items..
Eh? I've got to strongly disagree with that - the old code was a
DISASTROUS scheme. If you had 2 groups with check items:
RESIDENCES:
check: Calling-Station-Id ~ 192.168.
reply: Filter-Id = resnet
CONFERENCES:
check: Calling-Station-Id ~ 10.
reply: Filter-Id = conferencenet
...and "johndoe" was in BOTH, NEITHER of them would *ever* match.
Merging the groups' check items was just idiotic. The new version is
far, far better.
>
> ---
>
> Still think it would be a nice idea to have the option to disable single
Not sure what you mean by that?
> user lookups, SQL queries really are very expensive .
Expensive: we're doing ~260k authentications a day, each involving at
least 1 SQL SELECT and 1 SQL INSERT and we've no problems. Hardware is
nothing massively silly - dual-proc DL380 running both the SQL and
Radius server.
>
More information about the Freeradius-Users
mailing list