From a87ada1c4e9d5a426282c900207964d09d2a1020 Mon Sep 17 00:00:00 2001 From: RageLtMan Date: Wed, 17 Aug 2022 18:05:02 -0400 Subject: T3896: Drop cserv local user req, add groupconfig From ocserv documentation: ``` If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from radius. That also includes the Acct-Interim-Interval, and Session-Timeout values. ``` Implement yes/no configuration and parameter handling during jinja rendering. Fix bug wherein openconnect-server configuration requires creation of local user accounts even when RADIUS authentication is used. Testing: Set the groupconfig=yes param and observed change in generated /run/ocserv/ocserv.conf. Removed the local users via `delete vpn openconnect authentication local-users` and observed commit & service operation --- interface-definitions/vpn-openconnect.xml.in | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'interface-definitions') diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in index 6309863c5..3ab8dd815 100644 --- a/interface-definitions/vpn-openconnect.xml.in +++ b/interface-definitions/vpn-openconnect.xml.in @@ -144,6 +144,26 @@ 2 + + + If the groupconfig option is set to yes, then config-per-user will be overriden, and all configuration will be read from radius. + + yes no + + + yes + Enable RADIUS acquisition of group properties + + + no + Disable RADIUS acquisition of group properties + + + (yes|no) + + + no + -- cgit v1.2.3