[RADIATOR] check-items in chained authby queries

Heikki Vatiainen hvn at open.com.au
Tue Feb 15 05:12:22 CST 2011


On 02/04/2011 06:29 AM, Michael wrote:
> 
> oh, and, you may not want to stop there.  you may want to find out why %0 and %1 
> don't work.  I think it should as per source code and manual.  Since you are 
> using the 2 '?' the order is very important.  You can't change the order of:
> 
> WHERE username=? AND groupname=?
> 
> to this:
> WHERE groupname=? AND username=?
> 
> ..cause it will not work and will break your setup.
> 
> Maybe the radiator coders can check out the source. i'm sure they'll see these 
> emails. To me, the source looks fine.

Michael, Linuxchuck,

thanks for letting us know about the problems with GroupMembershipQuery.

If the database driver complains about bind errors, Michael's example
and the notes about the order of arguments is what can be followed to
solve the problem.

Radiator currently always supplies username and groupname as 'bind
variables' that are used as arguments for placeholders '?' in
GroupMembershipQuery statement.

If the statement does not have placeholders '?', some database drivers
accept the query and ignore the bind variables while others complain
about missing placeholders.

We have discussed about ways to clarify how GroupMembershipQuery works,
but making changes to code could easily break backwards compatibility
with existing configurations so we want to be careful with that. No
patches have been made yet, but please check the change history when you
upgrade the next time.

Thanks,
Heikki
-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list