> Unfortunately whoever modified rlm_sql in cvs head chose a very > inefficient querying system.
So change it - stored procedures maybe? > > First you query to pull out group membership, second you query to get > each groups check items, then to get each groups reply items ... It just > doesn't scale when a users a member of lots of groups. > > Previously you pulled out all the records for all the groups a user was > a member of in two queries, one for check items and one for reply items.. Eh? I've got to strongly disagree with that - the old code was a DISASTROUS scheme. If you had 2 groups with check items: RESIDENCES: check: Calling-Station-Id ~ 192.168. reply: Filter-Id = resnet CONFERENCES: check: Calling-Station-Id ~ 10. reply: Filter-Id = conferencenet ...and "johndoe" was in BOTH, NEITHER of them would *ever* match. Merging the groups' check items was just idiotic. The new version is far, far better. > > --- > > Still think it would be a nice idea to have the option to disable single Not sure what you mean by that? > user lookups, SQL queries really are very expensive . Expensive: we're doing ~260k authentications a day, each involving at least 1 SQL SELECT and 1 SQL INSERT and we've no problems. Hardware is nothing massively silly - dual-proc DL380 running both the SQL and Radius server. > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
