Re: doc/rlm_sql is wrong?
This is a discussion on Re: doc/rlm_sql is wrong? within the FreeRADIUS Users forums, part of the Networking and Network Related category; --===============0539896368== Content-Type: multipart/signed; boundary="nextPart5815516.lWrDAoGd8b"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-08-2007
|
|||
|
|||
Re: doc/rlm_sql is wrong?
--===============0539896368==
Content-Type: multipart/signed; boundary="nextPart5815516.lWrDAoGd8b"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit --nextPart5815516.lWrDAoGd8b Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Mon 08 Jan 2007 21:38, Phil Mayers wrote: > I've been looking at using rlm_sql to replace a fairly complex set of > Autz-Type and rlm_passwd maps. Primarily this is to speed up updates > when e.g. blocking systems and not have to HUP the server. > > The doc/rlm_sql file states that processing is done with pairs of > check/reply items at a time - that is, first the user check items are > compared and if matches the reply items added; then for each group (in > order of priority) the group check items are compared and if match the > reply items added. > > The code in rlm_sql.c definitely does not do that, at least in 1.1.3 as > far as I can understand the code? Instead it appears to smoosh the user > and all the group check items together, compares them, and if they *all* > match adds *all* the reply items. > > This seems to make groups pretty useless except for using the SQL-Group > construct in the users file. > > Comments? I believe you are correct. It's been a while since I looked at the SQL Grou= ps=20 functionality, but last time I did I quickly decided to do the processing I= =20 required from my own table structure with an SQL function. That way you get= =20 _exactly_ what you want at the cost of having to think about a schema that= =20 fits your need. Works pretty well for us :-) Someone really needs to take a knife the the SQL Groups code.. But, there y= ou=20 have it. Feel free to help out any time you want :-) Cheers =2D-=20 Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc --nextPart5815516.lWrDAoGd8b Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQBFoqPAAcdsUt9pJjwRAtrCAJ0aJxfglLgXysU7GOjSS2 +jFNZyxgCg/ug2 i/0cY3FMIkVcuv0qlFgc9Ao= =1fk9 -----END PGP SIGNATURE----- --nextPart5815516.lWrDAoGd8b-- --===============0539896368== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --===============0539896368==-- 
|
Linear Mode
