5 The SQL module is composed of two parts: a generic SQL front-end
6 (rlm_sql), and a series of database-dependent back-end drivers,
7 (rlm_sql_mysql, rlm_sql_postgresql, etc.)
9 In order to build the drivers, you MUST ALSO install the development
10 versions of the database. That is, you must have the appropriate
11 header files and client libraries for (say) MySQL. The
12 rlm_sql_mysql driver is NOT a complete MySQL client implementation.
13 Instead, it is a small 'shim' between the FreeRADIUS rlm_sql module,
14 and the MySQL client libraries.
17 In general, the SQL schemas mirror the layout of the 'users' file.
18 So for configuring check items and reply items, see 'man 5 users',
19 and the examples in the 'users' file.
22 1. Miscellaneous configuration
24 The SQL module has little documentation, sorry. A helpful (but old)
27 http://www.frontios.com/freeradius.html
29 but it hasn't been updated in over 6 months. If anyone has
30 comments on this (or other) documentation, PLEASE email them to the
31 freeradius-devel list, so that they may be included here.
36 One of the fields of the SQL schema is named 'op' This is for the
37 'operator' used by the attributes. e.g.:
39 Framed-IP-Address = 1.2.3.4
40 ^ ATTRIBUTE ----^ ^ OP ^ VALUE
42 If you want the server to be completely misconfigured, and to never
43 do what you want, leave the 'op' field blank. If you want to be
44 rudely told to RTFM, then post questions on the mailing list, asking
46 "why doesn't my SQL configuration work when I leave the 'op' field empty?"
49 The short answer is that with the op field empty, the server does
50 not know what you want it to do with the attribute. Should it be
51 added to the reply? Maybe you wanted to compare the operator to one
52 in the request? The server simply doesn't know.
54 So put a value in the field. The value is the string form of the
55 operator: "=", ">=", etc. See Section 3, below, for more details.
60 The list of operators is given below.
62 Op Example and documentation
63 -- -------------------------
67 Not allowed as a check item.
69 As a reply item, it means "add the item to the reply list, but
70 only if there is no other item of the same attribute."
73 := "Attribute := Value"
75 Always matches as a check item, and replaces in the
76 configuration items any attribute of the same name. If no
77 attribute of that name appears in the request, then this
80 As a reply item, it has an identical meaning, but for the
81 reply items, instead of the request items.
83 == "Attribute == Value"
85 As a check item, it matches if the named attribute is present
86 in the request, AND has the given value.
88 Not allowed as a reply item.
91 += "Attribute += Value"
93 Always matches as a check item, and adds the current attribute
94 with value to the list of configuration items.
96 As a reply item, it has an identical meaning, but the
97 attribute is added to the reply items.
100 != "Attribute != Value"
102 As a check item, matches if the given attribute is in the
103 request, AND does not have the given value.
105 Not allowed as a reply item.
108 > "Attribute > Value"
110 As a check item, it matches if the request contains an
111 attribute with a value greater than the one given.
113 Not allowed as a reply item.
116 >= "Attribute >= Value"
118 As a check item, it matches if the request contains an
119 attribute with a value greater than, or equal to the one
122 Not allowed as a reply item.
124 < "Attribute < Value"
126 As a check item, it matches if the request contains an
127 attribute with a value less than the one given.
129 Not allowed as a reply item.
132 <= "Attribute <= Value"
134 As a check item, it matches if the request contains an
135 attribute with a value less than, or equal to the one given.
137 Not allowed as a reply item.
140 =~ "Attribute =~ Expression"
142 As a check item, it matches if the request contains an
143 attribute which matches the given regular expression. This
144 operator may only be applied to string attributes.
146 Not allowed as a reply item.
149 !~ "Attribute !~ Expression"
151 As a check item, it matches if the request contains an
152 attribute which does not match the given regular expression.
153 This operator may only be applied to string attributes.
155 Not allowed as a reply item.
158 =* "Attribute =* Value"
160 As a check item, it matches if the request contains the named
161 attribute, no matter what the value is.
163 Not allowed as a reply item.
166 !* "Attribute !* Value"
168 As a check item, it matches if the request does not contain
169 the named attribute, no matter what the value is.
171 Not allowed as a reply item.