db_url
(string)table
(string)user_column
(string)domain_column
(string)group_column
(string)use_domain
(integer)re_table
(string)re_exp_column
(string)re_gid_column
(string)multiple_gid
(integer)is_user_in(URI, group)
get_user_group(URI, AVP)
db_url
parametertable
parameteruser_column
parameterdomain_column
parametergroup_column
parameteruse_domain
parameterre_table
parameterreg_exp_column
parameterre_gid_column
parametermultiple_gid
parameteris_user_in
usageget_user_group
usageThis module provides functionalities for different methods of group membership checking.
There is a database table that contains list of users and groups they belong to. The module provides the possibility to check if a specific user belongs to a specific group.
There is no DB caching support, each check involving a DB query.
Another database table contains list of regular expressions and group IDs. A matching occurs if the user URI match the regular expression. This type of matching may be used to fetch the group ID(s) the user belongs to (via RE matching) .
Due performance reasons (regular expression evaluation), DB cache support is available: the table content is loaded into memory at startup and all regular expressions are compiled.
The following modules must be loaded before this module:
A database module, like mysql, postgres or dbtext
The following libraries or applications must be installed before running OpenSER with this module loaded:
None.
db_url
(string)URL of the database table to be used.
Default value is "mysql://openserro:openserro@localhost/openser".
table
(string)Name of the table holding strict definitions of groups and their members.
Default value is "grp".
user_column
(string)Name of the "table" column holding usernames.
Default value is "username".
domain_column
(string)Name of the "table" column holding domains.
Default value is "domain".
use_domain
(integer)If enabled (set to non zero value) then domain will be used also used for strict group matching; otherwise only the username part will be used.
Default value is 0 (no).
re_table
(string)Name of the table holding definitions for regular-expression based groups. If no table is defined, the regular-expression support is disabled.
Default value is "NULL".
re_exp_column
(string)Name of the "re_table" column holding the regular expression used for user matching.
Default value is "reg_exp".
re_gid_column
(string)Name of the "re_table" column holding the group IDs.
Default value is "group_id".
multiple_gid
(integer)If enabled (non zero value) the regular-expression matching will return all group IDs that match the user; otherwise only the first will be returned.
Default value is "1".
is_user_in(URI, group)
This function is to be used for script group membership. The function returns true if username in the given URI is member of the given group and false if not.
Meaning of the parameters is as follows:
URI - URI whose username and optionally domain to be used, this can be one of:
Request-URI - Use Request-URI username and (optionally) domain.
To - Use To username and (optionally) domain.
From - Use From username and (optionally) domain.
Credentials - Use digest credentials username.
$avp[avp_name|avp_alias] - Use the URI from the AVP specified by this pseudo-variable.
group - Name of the group to check.
This function can be used from REQUEST_ROUTE and FAILURE_ROUTE.
get_user_group(URI, AVP)
This function is to be used for regular expression based group membership. The function returns true if username in the given URI belongs to at least one group; the group ID(s) are returned as AVPs.
Meaning of the parameters is as follows:
URI - URI to be matched against the regular expressions:
Request-URI - Use Request-URI
To - Use To URI.
From - Use From URI
Credentials - Use digest credentials username and realm.
$avp[avp_name|avp_alias] - Use the URI from the AVP specified by this pseudo-variable.
AVP_ID - The matched group IDs are returned as AVPs named "AVP". It accepts a full AVP specification: AVP, ID and NAME. alias also
This function can be used from REQUEST_ROUTE and FAILURE_ROUTE.
Take a look at http://www.openser-project.org/.
First at all check if your question was already answered on one of our mailing lists:
User Mailing List - http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
Developer Mailing List - http://lists.openser-project.org/cgi-bin/mailman/listinfo/devel
E-mails regarding any stable OpenSER release should be sent to
<users@lists.openser-project.org>
and e-mails regarding development versions
should be sent to <devel@lists.openser-project.org>
.
If you want to keep the mail private, send it to
<team@lists.openser-project.org>
.
Please follow the guidelines provided at: http://sourceforge.net/tracker/?group_id=139143.