Merge pull request #1783 from PeppyH/T3896-ocserv-config-per-x

ocserv: T3896: add CLI options to configure ocserv config-per-user/group

1 files changed, 15 insertions, 0 deletions

diff --git a/data/templates/ocserv/ocserv_config.j2 b/data/templates/ocserv/ocserv_config.j2
index aa1073bca..8b9daed0f 100644
--- a/data/templates/ocserv/ocserv_config.j2
+++ b/data/templates/ocserv/ocserv_config.j2
@@ -16,6 +16,14 @@ acct = "radius [config=/run/ocserv/radiusclient.conf]"
 
 {% if "radius" in authentication.mode %}
 auth = "radius [config=/run/ocserv/radiusclient.conf{{ ',groupconfig=true' if authentication.radius.groupconfig is vyos_defined else '' }}]"
+{%     if "identity_based_config" in authentication %}
+{%         if authentication.identity_based_config.disabled is not vyos_defined %}
+{%             if "group" in authentication.identity_based_config.mode %}
+config-per-group = {{ authentication.identity_based_config.directory }}
+default-group-config = {{ authentication.identity_based_config.default_config }}
+{%             endif %}
+{%         endif %}
+{%     endif %}
 {% elif "local" in authentication.mode %}
 {%     if authentication.mode.local == "password-otp" %}
 auth = "plain[passwd=/run/ocserv/ocpasswd,otp=/run/ocserv/users.oath]"
@@ -28,6 +36,13 @@ auth = "plain[/run/ocserv/ocpasswd]"
 auth = "plain[/run/ocserv/ocpasswd]"
 {% endif %}
 
+{% if "identity_based_config" in authentication %}
+{%     if "user" in authentication.identity_based_config.mode %}
+config-per-user = {{ authentication.identity_based_config.directory }}
+default-user-config = {{ authentication.identity_based_config.default_config }}
+{%     endif %}
+{% endif %}
+
 {% if ssl.certificate is vyos_defined %}
 server-cert = /run/ocserv/cert.pem
 server-key = /run/ocserv/cert.key