summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorRageLtMan <rageltman [at] sempervictus>2022-08-17 18:05:02 -0400
committerRageLtMan <rageltman [at] sempervictus>2022-08-18 09:58:18 -0400
commita87ada1c4e9d5a426282c900207964d09d2a1020 (patch)
tree16f6858f5f66318eb9811c9941601f93c133e493 /interface-definitions
parent1f880973e221b91ac843a27d2e4c0b3de1880b97 (diff)
downloadvyos-1x-a87ada1c4e9d5a426282c900207964d09d2a1020.tar.gz
vyos-1x-a87ada1c4e9d5a426282c900207964d09d2a1020.zip
T3896: Drop cserv local user req, add groupconfig
From ocserv documentation: ``` If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from radius. That also includes the Acct-Interim-Interval, and Session-Timeout values. ``` Implement yes/no configuration and parameter handling during jinja rendering. Fix bug wherein openconnect-server configuration requires creation of local user accounts even when RADIUS authentication is used. Testing: Set the groupconfig=yes param and observed change in generated /run/ocserv/ocserv.conf. Removed the local users via `delete vpn openconnect authentication local-users` and observed commit & service operation
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/vpn-openconnect.xml.in20
1 files changed, 20 insertions, 0 deletions
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in
index 6309863c5..3ab8dd815 100644
--- a/interface-definitions/vpn-openconnect.xml.in
+++ b/interface-definitions/vpn-openconnect.xml.in
@@ -144,6 +144,26 @@
</properties>
<defaultValue>2</defaultValue>
</leafNode>
+ <leafNode name="groupconfig">
+ <properties>
+ <help>If the groupconfig option is set to yes, then config-per-user will be overriden, and all configuration will be read from radius.</help>
+ <completionHelp>
+ <list>yes no</list>
+ </completionHelp>
+ <valueHelp>
+ <format>yes</format>
+ <description>Enable RADIUS acquisition of group properties</description>
+ </valueHelp>
+ <valueHelp>
+ <format>no</format>
+ <description>Disable RADIUS acquisition of group properties</description>
+ </valueHelp>
+ <constraint>
+ <regex>(yes|no)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>no</defaultValue>
+ </leafNode>
</children>
</node>
</children>