On Mon 08 Jan 2007 21:38, Phil Mayers wrote: > I've been looking at using rlm_sql to replace a fairly complex set of > Autz-Type and rlm_passwd maps. Primarily this is to speed up updates > when e.g. blocking systems and not have to HUP the server. > > The doc/rlm_sql file states that processing is done with pairs of > check/reply items at a time - that is, first the user check items are > compared and if matches the reply items added; then for each group (in > order of priority) the group check items are compared and if match the > reply items added. > > The code in rlm_sql.c definitely does not do that, at least in 1.1.3 as > far as I can understand the code? Instead it appears to smoosh the user > and all the group check items together, compares them, and if they *all* > match adds *all* the reply items. > > This seems to make groups pretty useless except for using the SQL-Group > construct in the users file. > > Comments?
I believe you are correct. It's been a while since I looked at the SQL Groups functionality, but last time I did I quickly decided to do the processing I required from my own table structure with an SQL function. That way you get _exactly_ what you want at the cost of having to think about a schema that fits your need. Works pretty well for us :-) Someone really needs to take a knife the the SQL Groups code.. But, there you have it. Feel free to help out any time you want :-) Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
pgpRhU0M2Ni9r.pgp
Description: PGP signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html