author | Christian Breunig <christian@breunig.cc> | 2023-05-12 21:03:03 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-05-12 21:06:56 +0200 |
commit | d1abba03229128c3f2a6f718e9f14f4d7285e74d (patch) | |
tree | 43d8443adbb8fdaf6218d6a20c78c53688877797 /interface-definitions/include/openconnect-identity-based-config.xml.i | |
parent | 25ddb57b66de2c0918050052a4d374d4edb905f0 (diff) | |
ocserv: T3896: improve XML definition and add warning about 3rd party configs
When enabling identity-based-config, users can add arbitrary config keys
that are processed by ocserv. The user "must know" what he is doing, as an
invalid config option will make the ocserv daemon go ... whoop!
Thus add a warning and inform the user about this setting.
Diffstat (limited to 'interface-definitions/include/openconnect-identity-based-config.xml.i')
-rw-r--r-- | interface-definitions/include/openconnect-identity-based-config.xml.i | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/interface-definitions/include/openconnect-identity-based-config.xml.i b/interface-definitions/include/openconnect-identity-based-config.xml.i
deleted file mode 100644
index dfc51936d..000000000
--- a/interface-definitions/include/openconnect-identity-based-config.xml.i
+++ /dev/null
@@ -1,54 +0,0 @@
-<!-- include start from openconnect-identity-based-config.xml.i -->
-<node name="identity-based-config">
- <properties>
- <help>Configures OpenConnect to search the configured directory for a config file matching the Group name or Username</help>
- </properties>
- <children>
- <leafNode name="mode">
- <properties>
- <help>Configures OpenConnect to use config-per-group or config-per-user. Ignored if OpenConnect authentication group is configured.</help>
- <valueHelp>
- <format>user</format>
- <description>OpenConnect config file loaded by matching file in configured directory to the users username</description>
- </valueHelp>
- <valueHelp>
- <format>group</format>
- <description>OpenConnect config file loaded by matching RADIUS class attribute in the RADIUS server response to a file in the configured directory</description>
- </valueHelp>
- <constraint>
- <regex>(user|group)</regex>
- </constraint>
- <constraintErrorMessage>Invalid mode. Must be one of: user, group</constraintErrorMessage>
- <completionHelp>
- <list>user group</list>
- </completionHelp>
- </properties>
- </leafNode>
- <leafNode name="directory">
- <properties>
- <help>Directory to configure OpenConnect to use for matching username/group to config file</help>
- <valueHelp>
- <format>filename</format>
- <description>Must be a child directory of /config/auth e.g. /config/auth/ocserv/config-per-user</description>
- </valueHelp>
- <constraint>
- <validator name="file-path" argument="--directory --parent-dir /config/auth --strict"/>
- </constraint>
- </properties>
- </leafNode>
- <leafNode name="default-config">
- <properties>
- <help>Default/fallback config to use when a file cannot be found in the configured directory that matches the username/group</help>
- <valueHelp>
- <format>filename</format>
- <description>Child directory of /config/auth e.g. /config/auth/ocserv/defaults/user.conf</description>
- </valueHelp>
- <constraint>
- <validator name="file-path" argument="--file --parent-dir /config/auth --strict"/>
- </constraint>
- </properties>
- </leafNode>
- #include <include/generic-disable-node.xml.i>
- </children>
-</node>
-<!-- include end -->
\ No newline at end of file |