Can we re-order the authorization queries in the SQL module?

Nick Porter nick at portercomputing.co.uk
Thu Nov 23 08:51:01 UTC 2023


On 23/11/2023 02:40, James Fan wrote:
> Hi Alan and Gerald,
> Thanks for your answer.
> My problem was if I set a user attribute name "vlan_id" which is stored in
> the radreply table and the radgroupreply table. But they have different
> values.
> The client will receive the value for the "vlan_id" in the radgroupreply.
> But we want to make the radreply attributes a higher priority to overwrite
> the radgroupreply values for the same attribute.
> After studying the SQL module, I found a solution that uses
> multiple instances to separate the queries like below:
>
> sql sql-group {
>    # Do group reply queries
> }
> sql sql-user-reply {
>    # Do user reply queries
> }
>
> So we can run these modules using this order:
> sql-group-reply.authorize
> sql-user-reply.authorize
>
> That makes the user attributes overwrite the group attributes and resolves
> our problem.
> I wonder if that is the best solution or if you have any good ideas. Thanks.
>
That is an over complicated solution.

As per Alan's previous comments, correct use of the operators in the 
data will do what you need.

Use := when setting VLAN attributes in radreply and use = when setting 
in radgroupreply.

:= - set the attribute, removing any other instances.

= - set the attribute, only if no existing instance exists.


Nick

-- 
Nick Porter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20231123/7a0e9301/attachment.sig>


More information about the Freeradius-Users mailing list