I'm having difficulty configuring mod_mysql_auth to send a query that ignores the password field and checks for membership in a group. My latest attempt uses this configuration:
AuthMySQLUserTable "user u"
AuthMySQLNameField "u.netid"
AuthMySQLPasswordField "u.user_password"
AuthMySQLNoPasswd On
AuthMySQLGroupTable "user_resource ur RIGHT JOIN resource r using(resource_id)"
AuthMySQLGroupField "r.resource_name"
require science-admin
I'm being denied access to the page, but I can't even tell what query is being sent (no query found in mysql.log). I just want to match a user with a group using three tables: user, resource, and user_resource. I cna easily do a query along these lines in MySQL, but exactly how this mod generates a query is a little obscure to me. Can anyone help? Thanks! ~pw
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
mod_auth_mysql really only handles some basic SQL statements - JOINs aren't supported, for instance. And resources (i.e. specific files or the contents of a directory) are generally when the resource is requested.
Your APACHE log should show error messages if mod_auth_mysql is detecting any errors. But some things:
AuthMySQLUserTable "user u"
You don't need the "u" (and shouldn't have it). We select user info from the table itself.
AuthMySQLNameField "u.netid"
Again, don't use "u."
AuthMySQLPasswordField "u.user_password"
Same here
AuthMySQLNoPasswd On
This should be OK.
AuthMySQLGroupTable "user_resource ur RIGHT JOIN resource r using(resource_id)"
This must be just a single table name
AuthMySQLGroupField "r.resource_name"
No "r" here.
require science-admin
This is invalid. It must be one of:
Require user userid [userid] ...
Require group group-name [group-name] ...
Require valid-user
I'm not sure what you're trying to do. But unfortunately mod_auth_mysql won't do it this way.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks for your quick response. I was basing my config off of what was posted by aluzion <http://sourceforge.net/forum/forum.php?thread_id=1597894&forum_id=202943>. He said what he did worked; from what you say, I gather this is not possible, In any case, can you please tell me what the query built by mod_auth_mysql typically looks like (I'd like to crosscheck a user and a group)? Thanks, ~pw
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Sorry for the delay in getting back to you. I didn't get an email notification on your update - guess I need to check my mail filters.
You probably can get it to work, but I'm not sure it would continue to work with a different version of mod_auth_mysql.
For instance, I'm not going to guarantee the aliases will work all the time. It's better to not use them, IMHO.
But more importantly, your JOIN syntax is incorrect. You need to supply a JOIN condition. This is probably creating an invalid statement, which would be rejected by MySQL (and logged in your Apache log by mod_auth_mysql but not the MySQL log).
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm having difficulty configuring mod_mysql_auth to send a query that ignores the password field and checks for membership in a group. My latest attempt uses this configuration:
AuthMySQLUserTable "user u"
AuthMySQLNameField "u.netid"
AuthMySQLPasswordField "u.user_password"
AuthMySQLNoPasswd On
AuthMySQLGroupTable "user_resource ur RIGHT JOIN resource r using(resource_id)"
AuthMySQLGroupField "r.resource_name"
require science-admin
I'm being denied access to the page, but I can't even tell what query is being sent (no query found in mysql.log). I just want to match a user with a group using three tables: user, resource, and user_resource. I cna easily do a query along these lines in MySQL, but exactly how this mod generates a query is a little obscure to me. Can anyone help? Thanks! ~pw
Peter,
mod_auth_mysql really only handles some basic SQL statements - JOINs aren't supported, for instance. And resources (i.e. specific files or the contents of a directory) are generally when the resource is requested.
Your APACHE log should show error messages if mod_auth_mysql is detecting any errors. But some things:
AuthMySQLUserTable "user u"
You don't need the "u" (and shouldn't have it). We select user info from the table itself.
AuthMySQLNameField "u.netid"
Again, don't use "u."
AuthMySQLPasswordField "u.user_password"
Same here
AuthMySQLNoPasswd On
This should be OK.
AuthMySQLGroupTable "user_resource ur RIGHT JOIN resource r using(resource_id)"
This must be just a single table name
AuthMySQLGroupField "r.resource_name"
No "r" here.
require science-admin
This is invalid. It must be one of:
Require user userid [userid] ...
Require group group-name [group-name] ...
Require valid-user
I'm not sure what you're trying to do. But unfortunately mod_auth_mysql won't do it this way.
Thanks for your quick response. I was basing my config off of what was posted by aluzion <http://sourceforge.net/forum/forum.php?thread_id=1597894&forum_id=202943>. He said what he did worked; from what you say, I gather this is not possible, In any case, can you please tell me what the query built by mod_auth_mysql typically looks like (I'd like to crosscheck a user and a group)? Thanks, ~pw
Sorry for the delay in getting back to you. I didn't get an email notification on your update - guess I need to check my mail filters.
You probably can get it to work, but I'm not sure it would continue to work with a different version of mod_auth_mysql.
For instance, I'm not going to guarantee the aliases will work all the time. It's better to not use them, IMHO.
But more importantly, your JOIN syntax is incorrect. You need to supply a JOIN condition. This is probably creating an invalid statement, which would be rejected by MySQL (and logged in your Apache log by mod_auth_mysql but not the MySQL log).