Defining multiple post-auth INSERT queries for the same table

Alan DeKok aland at
Wed May 17 16:45:57 CEST 2017

On May 16, 2017, at 5:48 PM, Stefan Paetow <Stefan.Paetow at JISC.AC.UK> wrote:
> Ok, 
>>> instance. Do I simply name them (i.e. name_of_query = 'query here...')
>>> and then just invoke them in their appropriate section?
>> It depends on what you want to do.  What's the schema and use-case?
> Schema is something like this:
> [gss_acceptor] [namespace] [username] [targeted_id]
> The *-TargetedId entries depend on 3 attributes: GSS-Acceptor-Host-Name
> (gives us Moonshot-Host-TargetedId), GSS-Acceptor-Realm-Name (gives us
> Moonshot-Realm-TargetedId) and Trust-Router-COI (gives us
> Moonshot-TR-COI-TargetedId).

  Then you're probably better off just writing a custom SQL inner in the post-auth stage...

> Given the policy unlang to generate a targeted Id is exactly the same for
> all three versions, except for the namespace and the GSS attribute, either
> I define custom attributes in the UKERNA dictionary that I set the
> gas_acceptor, namespace and targeted_id to for each generation, or I
> change the schema to include all three like this:
> [gss_acceptor_host_name] [gss_acceptor_realm_name] [trust_router_coi]
> [namespace] [username] [host_targeted_id] [realm_targeted_id]
> [tr_coi_targeted_id]
> This just seems a waste of space.
> What do you think is better? The first option? It seems more concise.

  I agree.

  Alan DeKok.

More information about the Freeradius-Users mailing list