From: Nick Porter
Date: Mon, 24 Feb 2025 14:05:19 +0000 (+0000)
Subject: Add profile priority / condition attrs to TACACS profiles in LDAP schema
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5bca849903415a1f7e83ae5393894f12acc792e8;p=thirdparty%2Ffreeradius-server.git

Add profile priority / condition attrs to TACACS profiles in LDAP schema
---

diff --git a/doc/schemas/ldap/openldap/freeradius-tacacs.ldif b/doc/schemas/ldap/openldap/freeradius-tacacs.ldif
index 16a6b0e2d7..0dedfd5e44 100644
--- a/doc/schemas/ldap/openldap/freeradius-tacacs.ldif
+++ b/doc/schemas/ldap/openldap/freeradius-tacacs.ldif
@@ -3,9 +3,10 @@ objectClass: olcSchemaConfig
 cn: freeradius-tacacs
 olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.5.2.1.1 NAME 'tacacsAttribute' DESC 'TACACS+ attribute in format [.] ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.5.2.1.2 NAME 'tacacsService' DESC 'The identifier for the TACACS+ service e.g. exec, shell, ppp, etc...' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.5.3.1.1 NAME 'tacacsCommand' DESC 'The identifier for the TACACS+ command e.g. show, enable, etc...' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.5.2.1.3 NAME 'tacacsProfilePriority' DESC 'Priority to apply profiles' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 EQUALITY integerMatch ORDERING integerOrderingMatch SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.5.2.1.4 NAME 'tacacsProfileCondition' DESC 'Condition to apply profiles' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.5.1.1.1 NAME 'tacacsClientSecret' DESC 'Client Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.5.1.1.2 NAME 'tacacsClientSingleConnectionMode' DESC 'Set whether we allow and request single connection mode for this client' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
-olcObjectClasses: ( 1.3.6.1.4.1.11344.4.5.2.2.2 NAME 'tacacsServiceProfile' SUP top AUXILIARY MUST tacacsService MAY tacacsAttribute )
-olcObjectClasses: ( 1.3.6.1.4.1.11344.4.5.3.2.2 NAME 'tacacsCommandProfile' SUP top AUXILIARY MUST tacacsCommand MAY tacacsAttribute )
+olcObjectClasses: ( 1.3.6.1.4.1.11344.4.5.2.2.2 NAME 'tacacsServiceProfile' SUP top AUXILIARY MUST tacacsService MAY ( tacacsAttribute $ tacacsProfilePriority $ tacacsProfileCondition ) )
+olcObjectClasses: ( 1.3.6.1.4.1.11344.4.5.3.2.2 NAME 'tacacsCommandProfile' SUP top AUXILIARY MUST tacacsCommand MAY ( tacacsAttribute $ tacacsProfilePriority $ tacacsProfileCondition ) )
 olcObjectClasses: ( 1.3.6.1.4.1.11344.4.5.1.2.1 NAME 'tacacsClient' SUP top AUXILIARY MUST tacacsClientSecret MAY tacacsClientSingleConnectionMode )
diff --git a/doc/schemas/ldap/openldap/freeradius-tacacs.schema b/doc/schemas/ldap/openldap/freeradius-tacacs.schema
index 4542b854ab..4e5f530af4 100644
--- a/doc/schemas/ldap/openldap/freeradius-tacacs.schema
+++ b/doc/schemas/ldap/openldap/freeradius-tacacs.schema
@@ -29,12 +29,29 @@ attributetype ( 1.3.6.1.4.1.11344.4.5.2.1.2
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
 )

+attributetype ( 1.3.6.1.4.1.11344.4.5.2.1.3
+ NAME 'tacacsProfilePriority'
+ DESC 'Priority to apply profiles'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SINGLE-VALUE
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.5.2.1.4
+ NAME 'tacacsProfileCondition'
+ DESC 'Condition to apply profiles'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ )
+
 objectclass ( 1.3.6.1.4.1.11344.4.5.2.2.2
 NAME 'tacacsServiceProfile'
 SUP top
 AUXILIARY
 MUST ( tacacsService )
- MAY ( tacacsAttribute )
+ MAY ( tacacsAttribute $ tacacsProfilePriority $ tacacsProfileCondition )
 )

 #
@@ -65,7 +82,7 @@ objectclass ( 1.3.6.1.4.1.11344.4.5.3.2.2
 SUP top
 AUXILIARY
 MUST ( tacacsCommand )
- MAY ( tacacsAttribute )
+ MAY ( tacacsAttribute $ tacacsProfilePriority $ tacacsProfileCondition )
 )

 #
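Review bot: The removed `olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.5.3.1.1 NAME 'tacacsCommand' … )` line in the freeradius-tacacs.ldif hunk leaves `tacacsCommandProfile`, which still declares `MUST tacacsCommand`, pointing at an attribute type this file no longer defines. The hunk appears to run to the end of the .ldif, and the .schema hunks keep their `tacacsCommand` definition, so the removal looks unintended; slapd would be expected to reject an object class that names an undefined attribute type. Restore that line unchanged ahead of the two new `tacacsProfilePriority` / `tacacsProfileCondition` definitions so both schema formats stay equivalent and command-authorization profiles can still be stored.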
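Review bot: `tacacsProfileCondition` in the second added `attributetype` block of freeradius-tacacs.schema is multi-valued (no `SINGLE-VALUE`, unlike `tacacsProfilePriority`), and its `DESC 'Condition to apply profiles'` does not say what syntax a condition uses or how several conditions on one entry combine; the same definition appears in the .ldif hunk. If one condition per profile is intended, add `SINGLE-VALUE` after the `SYNTAX` line; otherwise state the combination rule in a `#` comment above the block. The attribute presumably decides which TACACS+ authorization profile a session receives, so that comment should also tell operators to restrict write access to it and to `tacacsProfilePriority` in the directory ACLs. The `DESC` for `tacacsProfilePriority` likewise does not state whether lower or higher values are applied first.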