diff options
author | RageLtMan <rageltman [at] sempervictus> | 2022-08-17 18:05:02 -0400 |
---|---|---|
committer | RageLtMan <rageltman [at] sempervictus> | 2022-08-18 09:58:18 -0400 |
commit | a87ada1c4e9d5a426282c900207964d09d2a1020 (patch) | |
tree | 16f6858f5f66318eb9811c9941601f93c133e493 /interface-definitions | |
parent | 1f880973e221b91ac843a27d2e4c0b3de1880b97 (diff) | |
download | vyos-1x-a87ada1c4e9d5a426282c900207964d09d2a1020.tar.gz vyos-1x-a87ada1c4e9d5a426282c900207964d09d2a1020.zip |
T3896: Drop cserv local user req, add groupconfig
From ocserv documentation:
```
If the groupconfig option is set, then config-per-user will be
overriden, and all configuration will be read from radius. That
also includes the Acct-Interim-Interval, and Session-Timeout
values.
```
Implement yes/no configuration and parameter handling during jinja
rendering.
Fix bug wherein openconnect-server configuration requires creation
of local user accounts even when RADIUS authentication is used.
Testing:
Set the groupconfig=yes param and observed change in generated
/run/ocserv/ocserv.conf.
Removed the local users via `delete vpn openconnect
authentication local-users` and observed commit & service operation
Diffstat (limited to 'interface-definitions')
-rw-r--r-- | interface-definitions/vpn-openconnect.xml.in | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/interface-definitions/vpn-openconnect.xml.in b/interface-definitions/vpn-openconnect.xml.in index 6309863c5..3ab8dd815 100644 --- a/interface-definitions/vpn-openconnect.xml.in +++ b/interface-definitions/vpn-openconnect.xml.in @@ -144,6 +144,26 @@ </properties> <defaultValue>2</defaultValue> </leafNode> + <leafNode name="groupconfig"> + <properties> + <help>If the groupconfig option is set to yes, then config-per-user will be overriden, and all configuration will be read from radius.</help> + <completionHelp> + <list>yes no</list> + </completionHelp> + <valueHelp> + <format>yes</format> + <description>Enable RADIUS acquisition of group properties</description> + </valueHelp> + <valueHelp> + <format>no</format> + <description>Disable RADIUS acquisition of group properties</description> + </valueHelp> + <constraint> + <regex>(yes|no)</regex> + </constraint> + </properties> + <defaultValue>no</defaultValue> + </leafNode> </children> </node> </children> |