Add binding attributes for LDAP clients

diff --git a/doc/schemas/ldap/openldap/freeradius-clients.ldif b/doc/schemas/ldap/openldap/freeradius-clients.ldif
index 67e9e7de7222b1d85c1b766496de47e8e27a5c8e..3cf471a68faa4b74219950318efa39574f239a9d 100644 (file)
--- a/doc/schemas/ldap/openldap/freeradius-clients.ldif
+++ b/doc/schemas/ldap/openldap/freeradius-clients.ldif
@@ -6,5 +6,7 @@ olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.2 NAME 'freeradiusClientShortname
 olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.3 NAME 'freeradiusClientType' DESC 'Client Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.4 NAME 'freeradiusClientComment' DESC 'Client comment' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.5 NAME 'freeradiusClientGroupDN' DESC 'Client group membership' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-olcObjectClasses: ( 1.3.6.1.4.1.11344.4.1.1.2.1 NAME 'freeradiusClient' DESC 'freeradiusClient object class' SUP top STRUCTURAL MUST freeradiusClientIdentifier MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment $ freeradiusClientGroupDN ) )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.6 NAME 'freeradiusClientIpV4Binding' DESC 'Client should only be able to access the server from this IPv4 address.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.7 NAME 'freeradiusClientIpV6Binding' DESC 'Client should only be able to access the server from this IPv6 address' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcObjectClasses: ( 1.3.6.1.4.1.11344.4.1.1.2.1 NAME 'freeradiusClient' DESC 'freeradiusClient object class' SUP top STRUCTURAL MUST freeradiusClientIdentifier MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment $ freeradiusClientGroupDN $ freeradiusClientIpV4Binding $ freeradiusClientIpV6Binding ) )
 olcObjectClasses: ( 1.3.6.1.4.1.11344.4.1.1.2.2 NAME 'freeradiusAccessDevice' DESC 'freeradiusAccessDevice object class' SUP top STRUCTURAL MUST freeradiusClientIdentifier MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment ) )

diff --git a/doc/schemas/ldap/openldap/freeradius-clients.schema b/doc/schemas/ldap/openldap/freeradius-clients.schema
index 462859284ddf7e483c5152f2807d3f3a5ffb5d03..b7f13ff3ca3a4bd2730f74c9f7c5b4bfe64a013c 100644 (file)
--- a/doc/schemas/ldap/openldap/freeradius-clients.schema
+++ b/doc/schemas/ldap/openldap/freeradius-clients.schema
@@ -47,11 +47,25 @@ attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.4
        SINGLE-VALUE
  )
 
- attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.5
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.5
        NAME 'freeradiusClientGroupDN'
        DESC 'Client group membership'
        EQUALITY distinguishedNameMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+  )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.6
+       NAME 'freeradiusClientIpV4Binding'
+       DESC 'Client should only be able to access the server from this IPv4 address.'
+       EQUALITY caseIgnoreMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ )
+
+attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.7
+       NAME 'freeradiusClientIpV6Binding'
+       DESC 'Client should only be able to access the server from this IPv6 address'
+       EQUALITY caseIgnoreMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
  )
 
 objectclass ( 1.3.6.1.4.1.11344.4.1.1.2.1
@@ -60,7 +74,7 @@ objectclass ( 1.3.6.1.4.1.11344.4.1.1.2.1
        SUP top
        STRUCTURAL
        MUST ( freeradiusClientIdentifier )
-       MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment $ freeradiusClientGroupDN )
+       MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment $ freeradiusClientGroupDN $ freeradiusClientIpV4Binding $ freeradiusClientIpV6Binding )
  )
 
 #