T3896: Drop cserv local user req, add groupconfig

From ocserv documentation:
```
If the groupconfig option is set, then config-per-user will be
overriden, and all configuration will be read from radius. That
also includes the Acct-Interim-Interval, and Session-Timeout
values.
```
Implement yes/no configuration and parameter handling during jinja
rendering.

Fix bug wherein openconnect-server configuration requires creation
of local user accounts even when RADIUS authentication is used.

Testing:
  Set the groupconfig=yes param and observed change in generated
/run/ocserv/ocserv.conf.
  Removed the local users via `delete vpn openconnect
authentication local-users` and observed commit & service operation

1 files changed, 4 insertions, 0 deletions

diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
index e0cad5181..1cbb52ccf 100644
--- a/data/templates/ocserv/ocserv_config.j2
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -7,7 +7,11 @@ run-as-user = nobody
 run-as-group = daemon
 
 {% if "radius" in authentication.mode %}
+{%      if "yes" in authentication.radius.groupconfig %}
+auth = "radius [config=/run/ocserv/radiusclient.conf,groupconfig=true]"
+{%      else %}
 auth = "radius [config=/run/ocserv/radiusclient.conf]"
+{%      endif %}
 {% elif "local" in authentication.mode %}
 {%     if authentication.mode.local == "password-otp" %}
 auth = "plain[passwd=/run/ocserv/ocpasswd,otp=/run/ocserv/users.oath]"