SQL SELECT statement
Alan DeKok
aland at deployingradius.com
Tue May 19 22:58:28 CEST 2020
On May 19, 2020, at 3:38 AM, Charly <netflow at geosciences.ensmp.fr> wrote:
>
> - I have local users stored in SQL database
> - I have LDAP users
> - in SQL database, I store Cisco-AVPair values for both of them
That's fine.
> The SQL module doesn't process the radreply when user is not found in the radcheck table (=> LDAP users)
That's how the SQL module is defined to work... see https://wiki.freeradius.org/modules/Rlm_sql
You can't just put random SQL queries into the server and expect them to re-implement the entire SQL module.
What you need to do is to re-phrase your problem:
	if user is in ldap
	then look user up in SQL with a fixed name
	else
	look user up in SQL with their user name
This is relatively simple. If you're not using realms / 802.1X, you can do:
	authorize {
		...
		ldap
		if (ok) {
			update request {
				Stripped-User-Name := "LDAP"
			}
		}
		sql
		...
	}
And then edit the file mods-config/sql/main/mysql/queries.conf, to set:
	sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name}}"
This will cause the SQL module to use Stripped-User-Name if it exists, otherwise it uses User-Name.
And then the LDAP users can have a default entry in SQL, with user name "LDAP". You can, of course, change that to anything else you want.
Alan DeKok.
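
Added example (not part of the original post, and not FreeRADIUS code): a small Python/sqlite3 model of the lookup described above, showing which SQL key each kind of user resolves to and that radreply is only read when radcheck has a row for that key. The table layout follows the stock radcheck/radreply schema; the user names, the attribute values and the Auth-Type check item on the shared "LDAP" entry are constructed assumptions.

```python
import sqlite3

# Constructed sample rows; every value here is illustrative.
ROWS = {
    "radcheck": [
        ("alice", "Cleartext-Password", ":=", "constructed-secret"),
        ("LDAP", "Auth-Type", ":=", "ldap"),  # assumed check item for the shared entry
    ],
    "radreply": [
        ("alice", "Cisco-AVPair", "+=", "shell:priv-lvl=15"),
        ("LDAP", "Cisco-AVPair", "+=", "shell:priv-lvl=1"),
    ],
}

def make_db(rows=ROWS):
    """Build an in-memory database with the two tables and the sample rows."""
    db = sqlite3.connect(":memory:")
    for table, data in rows.items():
        db.execute(f"CREATE TABLE {table} (id INTEGER PRIMARY KEY, username TEXT, "
                   "attribute TEXT, op TEXT, value TEXT)")
        db.executemany(f"INSERT INTO {table} (username, attribute, op, value) "
                       "VALUES (?, ?, ?, ?)", data)
    return db

def sql_user_name(request):
    # Models "%{%{Stripped-User-Name}:-%{User-Name}}": first value that exists wins.
    return request.get("Stripped-User-Name") or request["User-Name"]

def authorize(db, user_name, found_in_ldap):
    """Return (SQL lookup key, reply rows) for one request."""
    request = {"User-Name": user_name}
    if found_in_ldap:
        # Models: ldap returned ok -> update request { Stripped-User-Name := "LDAP" }
        request["Stripped-User-Name"] = "LDAP"
    key = sql_user_name(request)
    query = "SELECT attribute, op, value FROM {} WHERE username = ? ORDER BY id"
    # The model only checks that a radcheck row exists; it does not compare check items.
    if not db.execute(query.format("radcheck"), (key,)).fetchall():
        return key, []  # user not found in radcheck: radreply is not processed
    return key, db.execute(query.format("radreply"), (key,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for name, in_ldap in (("alice", False), ("bob", True), ("bob", False)):
        print(name, in_ldap, authorize(db, name, in_ldap))
```

The last case reproduces the original symptom: an LDAP user looked up under their own name has no radcheck row, so no Cisco-AVPair comes back.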