From: Nick Porter
Date: Thu, 21 Aug 2025 10:45:35 +0000 (+0100)
Subject: Update docs from raddb
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5e2e4c6083e26e22272ba32b36e2789fcd01169;p=thirdparty%2Ffreeradius-server.git

Update docs from raddb
---
diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/crl.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/crl.adoc
index 27c159f2621..49134f804c6 100644
--- a/doc/antora/modules/reference/pages/raddb/mods-available/crl.adoc
+++ b/doc/antora/modules/reference/pages/raddb/mods-available/crl.adoc
@@ -80,6 +80,48 @@ in `radiusd.conf`
 ca_path:: Directory containing trusted CAs, used to sign CRLs
+
+trigger_rate_limit::
+
+If triggers are enabled (either here or in trigger.conf),
+should the trigger messages be rate limited.
+
+
+trigger:: Xlats to run when specific CRL events happen
+
+When configured here, they are specific to this module instance.
+Alternatively global settings for all instances of the `crl`
+module can be set in `triggers.conf` under the `modules` -> `crl`
+section.
+
+For triggers to be enabled, a top level `trigger` section must
+exist. Enable the line `$INCLUDE trigger.conf` in `radiusd.conf`
+and if none of the triggers in there are required, comment them
+out, leaving just the outer section.
+
+Triggers can either be calls to execute programs or xlat expansions.
+The examples below show the use of the `linelog` xlat.
+
+In the "fetch..." triggers, the attributes from the request list
+where the `crl` module is called are available.
+The "expired" trigger only has `CRL.CDP-URL` available.
+
+
+fetchuri:: A CRL URI is being requested
+
+
+
+fetchfail:: Fetching a CRL URI failed
+
+
+
+fetchbad:: Fetching a CRL URI returned bad data
+
+
+
+expired:: A CRL has expired
+
+
 == Default Configuration
 ```
@@ -98,6 +140,13 @@ crl {
 ca_file = ${cadir}/rsa/ca.pem
 # ca_path = ${modules.eap.tls-config[tls-common].ca_path}
 ca_path = ${cadir}
+# trigger_rate_limit = yes
+# trigger {
+# fetchuri = %linelog("Fetching CRL from %{CRL.CDP-URL}")
+# fetchfail = %linelog("Failed fetching %{CRL.CDP-URL}: %{Module-Failure-Message}")
+# fetchbad = %linelog("Data returned from %{CRL.CDP-URL} was not valid")
+# expired = %linelog("CRL from %{CRL.CDP-URL} has expired")
+# }
 }
 ```
diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/sql.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/sql.adoc
index 3edaea7526f..1e0b6512c9b 100644
--- a/doc/antora/modules/reference/pages/raddb/mods-available/sql.adoc
+++ b/doc/antora/modules/reference/pages/raddb/mods-available/sql.adoc
@@ -353,7 +353,7 @@ sql {
 groupreply_table = "radgroupreply"
 usergroup_table = "radusergroup"
 # read_groups = yes
-# read_profile = yes
+# read_profiles = yes
 # logfile = ${logdir}/sqllog.sql
 # query_timeout = 5
 pool {
diff --git a/doc/antora/modules/reference/pages/raddb/trigger.conf.adoc b/doc/antora/modules/reference/pages/raddb/trigger.conf.adoc
index 42fc3d5f801..13b548229fd 100644
--- a/doc/antora/modules/reference/pages/raddb/trigger.conf.adoc
+++ b/doc/antora/modules/reference/pages/raddb/trigger.conf.adoc
@@ -131,19 +131,16 @@ This will trigger only once per 60 seconds.
 ### Module triggers
-Triggers for specific modules. These are *not* in the module
-configuration because they are global to all instances of the
-module. You can have module-specific triggers, by placing a
-"trigger" subsection in the module configuration.
+Triggers for specific modules. These are *not* in the
+module configuration because they are global to all
+instances of the module. You can have module-specific
+triggers, by placing a `trigger` subsection in the module
+configuration. Not all modules support a `trigger`
+subsection.
 #### rlm_ldap: The LDAP module
-If the server does "bind as user", it will open and
-close an LDAP connection every time it binds as a
-user. Be aware that this will likely produce a lot
-of triggers.
-
 Define common arguments to use below:
@@ -222,25 +219,25 @@ snmp {
 snmptrap = "${snmp.trap.cmd} -c ${snmp.trap.community} ${snmp.trap.agent} FREERADIUS-NOTIFICATION-MIB"
 trigger {
 server {
- start = "${snmptrap}::serverStart"
- stop = "${snmptrap}::serverStop"
- max_requests = "${snmptrap}::serverMaxRequests"
+ start = `${snmptrap}::serverStart`
+ stop = `${snmptrap}::serverStop`
+ max_requests = `${snmptrap}::serverMaxRequests`
 }
 modules {
 ldap {
 args = "radiusdModuleName s '${.:name}' radiusdModuleInstance s '${.:instance}'"
- open = "${snmptrap}::serverModuleConnectionUp ${args}"
- close = "${snmptrap}::serverModuleConnectionDown ${args}"
- min = "${snmptrap}::serverModuleConnectionReservedPeriodMin ${args}"
- max = "${snmptrap}::serverModuleConnectionReservedPeriodMax ${args}"
+ open = `${snmptrap}::serverModuleConnectionUp ${args}`
+ close = `${snmptrap}::serverModuleConnectionDown ${args}`
+ min = `${snmptrap}::serverModuleConnectionReservedPeriodMin ${args}`
+ max = `${snmptrap}::serverModuleConnectionReservedPeriodMax ${args}`
 }
 sql {
 args = "radiusdModuleName s '${.:name}' radiusdModuleInstance s '${.:instance}'"
- open = "${snmptrap}::serverModuleConnectionUp ${args}"
- close = "${snmptrap}::serverModuleConnectionDown ${args}"
- fail = "${snmptrap}::serverModuleConnectionFail ${args}"
- min = "${snmptrap}::serverModuleConnectionReservedPeriodMin ${args}"
- max = "${snmptrap}::serverModuleConnectionReservedPeriodMax ${args}"
+ open = `${snmptrap}::serverModuleConnectionUp ${args}`
+ close = `${snmptrap}::serverModuleConnectionDown ${args}`
+ fail = `${snmptrap}::serverModuleConnectionFail ${args}`
+ min = `${snmptrap}::serverModuleConnectionReservedPeriodMin ${args}`
+ max = `${snmptrap}::serverModuleConnectionReservedPeriodMax ${args}`
 }
 }
 }