Manualshelf

HP-UX AAA Server A.08.02 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX AAA Server (RADIUS) Software
241242243244245246247248249250
of database columns (output source) to RADIUS reply attributes (output target). A new RADIUS
attribute will be allocated for each output mapping.
For maximum flexibility and customization, there are no pre-determined or hard coded relationships
between database columns and RADIUS attributes; that relationship is created entirely through the
sqlaccess.config file. See sqlaccess.config File Configuration” (page 255) for complete
configuration definitions of the sqlaccess.config file.
Figure 85 (page 249) illustrates the SQL mapping concept for RADIUS attribute to database column
mapping for a specific access request using OCI, in this example by user John.
Figure 85 RADIUS Attribute to SQL Statement Mapping
During input mapping, the value for the RADIUS attribute User-name is passed to the SQL statement
SELECT as a search value into the database table USERTABLE using the SQL placeholder to bind
to the data value John. The output mapping entry tells the SQL Access AATV that the database
column db_passwd maps to the RADIUS attribute password, with a returned value of Johnpass
in the attribute-value pair.
Mapping Functions
You can also use a pre-defined or user-defined mapping function as the source or target of a
mapping. For example, the pre-defined mapping function get_sid retrieves the session ID from
the RADIUS request's CLASS attribute-value pair or generates a unique session ID if the CLASS
attribute-value pair does not exist. You can then insert the session ID value into a database table
using the SQL INSERT command to allow for session management via SQL Access.
Conversion Functions
Pre-defined or user-defined conversion functions execute on the data in transit between the source
and the target of a mapping. For example, the pre-defined conversion function AAAIPv6toString
converts a binary format IPv6 address to an ANSI string suitable for generating human readable
output. This can be used to translate an IPv6 address from a RADIUS attribute to a string formatted
column in the database.
SQL Access Overview 249