sql module behavior differs from 2.2.1 to 3.0.0 ?

Philippe MARASSE philippe.marasse at ch-poitiers.fr
Wed Oct 23 14:28:47 CEST 2013


Le 23/10/2013 14:12, Arran Cudbard-Bell a écrit :
>> (2) sql :       expand: "%{User-Name}" -> '002324609e3f'
>> (2) sql : SQL-User-Name set to "002324609e3f"
>> rlm_sql (sql): Reserved connection (4)
>> (2) sql :       expand: "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id" -> 'SELECT id, username, attribute, value, op FROM radcheck WHERE
>> username = '002324609E3F' ORDER BY id'
>> rlm_sql (sql): Executing query: 'SELECT id, username, attribute, value, op FROM radcheck WHERE username = '002324609E3F' ORDER BY id'
>> (2) sql :       expand: "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority" -> 'SELECT groupname FROM radusergroup WHERE username = '002324609E3F' ORDER BY
>> priority'
>> rlm_sql (sql): Executing query: 'SELECT groupname FROM radusergroup WHERE username = '002324609E3F' ORDER BY priority'
>> rlm_sql (sql): Released connection (4)
>> (2)   [sql] = noop
> It’s consistent with the users file, which also returns noop if not entries match.
>
> Things like rlm_ldap are different because you’re looking for a specific object in the directory, so it’s ok to return notfound.
>
> I guess both rlm_files and rlm_sql could return notfound if no key matched, and noop if no entry matched. Do people think this would be a useful distinction?
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for your answer. Maybe I was mistaken to rely on sql return code in the authorize 
section ?

If it's consistent with other modules, I'd rather modify my authenticate section to do a 
sql query in order to check the presence of the user, shouldn't I ?

Rgds.

-- 
Philippe MARASSE

Pôle Infrastructures - Direction du Système d'Informations et de l'Organisation
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Coeur
86021 Poitiers Cedex
Tel : 05.49.44.57.19


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4539 bytes
Desc: Signature cryptographique S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20131023/ddd8a989/attachment.bin>


More information about the Freeradius-Users mailing list