I've been looking at using rlm_sql to replace a fairly complex set of
Autz-Type and rlm_passwd maps. Primarily this is to speed up updates
when e.g. blocking systems and not have to HUP the server.
The doc/rlm_sql file states that processing is done with pairs of
check/reply items at a time - that is, first the user check items are
compared and if matches the reply items added; then for each group (in
order of priority) the group check items are compared and if match the
reply items added.
The code in rlm_sql.c definitely does not do that, at least in 1.1.3 as
far as I can understand the code? Instead it appears to smoosh the user
and all the group check items together, compares them, and if they *all*
match adds *all* the reply items.
This seems to make groups pretty useless except for using the SQL-Group
construct in the users file.
Comments?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- doc/rlm_sql is wrong? Phil Mayers
-