# number of seconds to dely retrying on a failed database
# connection (per_socket)
- #connect_failure_retry_delay = 60
+ connect_failure_retry_delay = 60
+
+ # Safe characters list for sql queries. Everything else is replaced
+ # with their mime-encoded equivalents.
+ # The default list should be ok
+# safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
#######################################################################
# Query config: Username
#
sql_user_name = "%{User-Name}"
+ #######################################################################
+ # Default profile
+ #######################################################################
+ # This is the default profile. It is found in SQL by group membership.
+ # That means that this profile must be a member of at least one group
+ # which will contain the corresponding check and reply items.
+ # This profile will be queried in the authorize section for every user.
+ # The point is to assign all users a default profile without having to
+ # manually add each one to a group that will contain the profile.
+ # The SQL module will also honor the User-Profile attribute. This
+ # attribute can be set anywhere in the authorize section (ie the users
+ # file). It is found exactly as the default profile is found.
+ # If it is set then it will *overwrite* the default profile setting.
+ # The idea is to select profiles based on checks on the incoming packets,
+ # not on user group membership. For example:
+ # -- users file --
+ # DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
+ # DEFAULT Service-Type == Framed-User, User-Profile := "framed"
+ #
+ # By default the default_user_profile is not set
+ #
+# default_user_profile = "DEFAULT"
#######################################################################
# Authorization Queries
# 4. Item Attr Operation
#######################################################################
# Use these for case sensitive usernames. WARNING: Slower queries!
- #authorize_check_query = "SELECT id,UserName,Attribute,Value,Op FROM ${authcheck_table} WHERE STRCMP(Username, '%{SQL-User-Name}') = 0 ORDER BY id"
- #authorize_reply_query = "SELECT id,UserName,Attribute,Value,Op FROM ${authreply_table} WHERE STRCMP(Username, '%{SQL-User-Name}') = 0 ORDER BY id"
+# authorize_check_query = "SELECT id,UserName,Attribute,Value,Op \
+# FROM ${authcheck_table} \
+# WHERE Username ILIKE '%{SQL-User-Name}' \
+# ORDER BY id"
+# authorize_reply_query = "SELECT id,UserName,Attribute,Value,Op \
+# FROM ${authreply_table} \
+# WHERE Username ILIKE '%{SQL-User-Name}' \
+# ORDER BY id"
authorize_check_query = "SELECT id, UserName, Attribute, Value, Op \
FROM ${authcheck_table} \
WHERE Username = '%{SQL-User-Name}' \
ORDER BY id"
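Review bot: The commented-out alternates for `authorize_check_query` and `authorize_reply_query` are still labelled "case sensitive usernames", but `ILIKE` is PostgreSQL's case-insensitive pattern match, so the label now says the opposite of what the query does. `ILIKE` also treats `_` and `%` as wildcards, and `_` is in the `safe-characters` list shown earlier in this diff, so it would presumably reach the pattern unencoded and a username containing `_` could match rows stored for a different user. If a case-insensitive lookup is the intent, comparing folded values avoids the wildcard semantics: `WHERE lower(Username) = lower('%{SQL-User-Name}')`, with the header changed to `# Use these for case insensitive usernames. WARNING: Slower queries!`. The same applies to the commented `GroupName ILIKE '%{Sql-Group}'` group queries further down, whose header line also misspells WARNING.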
- # Use these for case sensitive usernames. WARNING: Slower queries!
- #authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.Op FROM ${groupcheck_table},${usergroup_table} WHERE STRCMP(${usergroup_table}.Username, '%{SQL-User-Name}') = 0 AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id"
- #authorize_group_reply_query = "SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.Op FROM ${groupreply_table},${usergroup_table} WHERE STRCMP(${usergroup_table}.Username, '%{SQL-User-Name}') = 0 AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName ORDER BY ${groupreply_table}.id"
-
- authorize_group_check_query = "SELECT ${groupcheck_table}.id, ${groupcheck_table}.GroupName, \
- ${groupcheck_table}.Attribute, ${groupcheck_table}.Value,${groupcheck_table}.Op \
- FROM ${groupcheck_table}, ${usergroup_table} \
- WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName \
- ORDER BY ${groupcheck_table}.id"
-
- authorize_group_reply_query = "SELECT ${groupreply_table}.id, ${groupreply_table}.GroupName, ${groupreply_table}.Attribute, \
- ${groupreply_table}.Value, ${groupreply_table}.Op \
- FROM ${groupreply_table},${usergroup_table} \
- WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupreply_table}.GroupName \
- ORDER BY ${groupreply_table}.id"
+ # Use these for case sensitive usernames. WANRING: Slower queries!
+# authorize_group_check_query = "SELECT id,GroupName,Attribute,Value,op \
+# FROM ${groupcheck_table} \
+# WHERE GroupName ILIKE '%{Sql-Group}' \
+# ORDER BY id"
+# authorize_group_reply_query = "SELECT id,GroupName,Attribute,Value,op \
+# FROM ${groupreply_table} \
+# WHERE GroupName ILIKE '%{Sql-Group}' \
+# ORDER BY id"
+
+ authorize_group_check_query = "SELECT id,GroupName,Attribute,Value,op \
+ FROM ${groupcheck_table} \
+ WHERE GroupName = '%{Sql-Group}' \
+ ORDER BY id"
+ authorize_group_reply_query = "SELECT id,GroupName,Attribute,Value,op \
+ FROM ${groupreply_table} \
+ WHERE GroupName = '%{Sql-Group}' \
+ ORDER BY id"
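Review bot: The rewritten `authorize_group_check_query` and `authorize_group_reply_query` no longer reference `${usergroup_table}` or `%{SQL-User-Name}`, so which user receives a group's check and reply items now depends entirely on how `%{Sql-Group}` is populated, and nothing next to these queries says so. Presumably it is expanded from the rows returned by `group_membership_query` and from `default_user_profile` / `User-Profile`; that should be confirmed and stated in a comment, for example `# %{Sql-Group} is supplied by the module per group (group_membership_query, default_user_profile, User-Profile); these queries do not filter by user.` The selected column is also spelled `op` here and `Op` in the user queries above, which is worth making uniform.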
#######################################################################
# Simultaneous Use Checking Queries
#######################################################################
# group_membership_query - Check user group membership
#######################################################################
- group_membership_query = "SELECT GroupName FROM ${usergroup_table} WHERE UserName='%{SQL-User-Name}'"
+ group_membership_query = "SELECT GroupName FROM ${usergroup_table} WHERE UserName='%{SQL-User-Name}' ORDER BY priority"
#
# If set to 'yes' (default) we read the group tables