author | Viacheslav Hletenko <v.gletenko@vyos.io> | 2022-09-15 17:28:11 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-15 17:28:11 +0300 |
commit | 7a2ad35ec8ecd84d162a3e5dc41b50f31d18dc10 (patch) | |
tree | 7bc3dcdb730ebba58fb35d170f1496cded6024c2 /src/conf_mode | |
parent | d41909874a6a7e2264e0a89928885b491efd9851 (diff) | |
parent | e5785ff748f93b66879d8bd0393c208c6df574a9 (diff) | |
download | vyos-1x-7a2ad35ec8ecd84d162a3e5dc41b50f31d18dc10.tar.gz vyos-1x-7a2ad35ec8ecd84d162a3e5dc41b50f31d18dc10.zip |
Merge pull request #1477 from sempervictus/feature/ocserv_groups
T3896(adjacent): Fix ocserv local user requirement, add groupconfig
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/vpn_openconnect.py | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/src/conf_mode/vpn_openconnect.py b/src/conf_mode/vpn_openconnect.py
index 240546817..23b1baf4d 100755
--- a/src/conf_mode/vpn_openconnect.py
+++ b/src/conf_mode/vpn_openconnect.py
@@ -58,15 +58,16 @@ def get_config():
 default_values = defaults(base)
 ocserv = dict_merge(default_values, ocserv)
- # workaround a "know limitation" - https://phabricator.vyos.net/T2665
- del ocserv['authentication']['local_users']['username']['otp']
- if not ocserv["authentication"]["local_users"]["username"]:
- raise ConfigError('openconnect mode local required at least one user')
- default_ocserv_usr_values = default_values['authentication']['local_users']['username']['otp']
- for user, params in ocserv['authentication']['local_users']['username'].items():
- # Not every configuration requires OTP settings
- if ocserv['authentication']['local_users']['username'][user].get('otp'):
- ocserv['authentication']['local_users']['username'][user]['otp'] = dict_merge(default_ocserv_usr_values, ocserv['authentication']['local_users']['username'][user]['otp'])
+ if "local" in ocserv["authentication"]["mode"]:
+ # workaround a "know limitation" - https://phabricator.vyos.net/T2665
+ del ocserv['authentication']['local_users']['username']['otp']
+ if not ocserv["authentication"]["local_users"]["username"]:
+ raise ConfigError('openconnect mode local required at least one user')
+ default_ocserv_usr_values = default_values['authentication']['local_users']['username']['otp']
+ for user, params in ocserv['authentication']['local_users']['username'].items():
+ # Not every configuration requires OTP settings
+ if ocserv['authentication']['local_users']['username'][user].get('otp'):
+ ocserv['authentication']['local_users']['username'][user]['otp'] = dict_merge(default_ocserv_usr_values, ocserv['authentication']['local_users']['username'][user]['otp'])
 if ocserv:
 ocserv['pki'] = conf.get_config_dict(['pki'], key_mangling=('-', '_'), |
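Review bot: The new guard `if "local" in ocserv["authentication"]["mode"]:` indexes `mode` directly, which none of the removed lines in this hunk did. If a configuration reaches get_config() without an authentication mode and the merged defaults do not supply one (not visible here), this raises a bare KeyError rather than a ConfigError. Consider `if "local" in ocserv["authentication"].get("mode", {}):` so that a missing mode is left to whatever validation runs afterwards and is rejected there with a readable error. The `in` test is also a substring match if `mode` is a string and a key lookup if it is a dict, so a one-line comment stating the expected shape would prevent a value that merely contains "local" from enabling the local-user path by accident. get_config() starts and ends outside the hunk.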