rlm_sql.c in 2.0.0-pre2

Phil Mayers p.mayers at imperial.ac.uk
Sat Jul 7 16:13:46 CEST 2007


> Unfortunately whoever modified rlm_sql in cvs head chose a very 
> inefficient querying system.

So change it - stored procedures maybe?

> 
> First you query to pull out group membership, second you query to get 
> each groups check items, then to get each groups reply items ... It just 
> doesn't scale when a users a member of lots of groups.
> 
> Previously you pulled out all the records for all the groups a user was 
> a member of in two queries, one for check items and one for reply items..

Eh? I've got to strongly disagree with that - the old code was a
DISASTROUS scheme. If you had 2 groups with check items:

RESIDENCES:
  check: Calling-Station-Id ~ 192.168.
  reply: Filter-Id = resnet

CONFERENCES:
  check: Calling-Station-Id ~ 10.
  reply: Filter-Id = conferencenet

...and "johndoe" was in BOTH, NEITHER of them would *ever* match.
Merging the groups' check items was just idiotic. The new version is
far, far better.



> 
> ---
> 
> Still think it would be a nice idea to have the option to disable single 

Not sure what you mean by that?

> user lookups, SQL queries really are very expensive .

Expensive: we're doing ~260k authentications a day, each involving at
least 1 SQL SELECT and 1 SQL INSERT and we've no problems. Hardware is
nothing massively silly - dual-proc DL380 running both the SQL and
Radius server.

> 




More information about the Freeradius-Users mailing list