From: Arran Cudbard-Bell Date: Wed, 13 Nov 2024 01:59:43 +0000 (-0600) Subject: Add binding attributes for LDAP clients X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0a2bb48d52213d828dbc8401cb71b29802413ae1;p=thirdparty%2Ffreeradius-server.git Add binding attributes for LDAP clients --- diff --git a/doc/schemas/ldap/openldap/freeradius-clients.ldif b/doc/schemas/ldap/openldap/freeradius-clients.ldif index 67e9e7de722..3cf471a68fa 100644 --- a/doc/schemas/ldap/openldap/freeradius-clients.ldif +++ b/doc/schemas/ldap/openldap/freeradius-clients.ldif @@ -6,5 +6,7 @@ olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.2 NAME 'freeradiusClientShortname olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.3 NAME 'freeradiusClientType' DESC 'Client Type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.4 NAME 'freeradiusClientComment' DESC 'Client comment' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.5 NAME 'freeradiusClientGroupDN' DESC 'Client group membership' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) -olcObjectClasses: ( 1.3.6.1.4.1.11344.4.1.1.2.1 NAME 'freeradiusClient' DESC 'freeradiusClient object class' SUP top STRUCTURAL MUST freeradiusClientIdentifier MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment $ freeradiusClientGroupDN ) ) +olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.6 NAME 'freeradiusClientIpV4Binding' DESC 'Client should only be able to access the server from this IPv4 address.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.1.1.1.7 NAME 'freeradiusClientIpV6Binding' DESC 'Client should only be able to access the server from this IPv6 address' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +olcObjectClasses: ( 1.3.6.1.4.1.11344.4.1.1.2.1 NAME 'freeradiusClient' DESC 'freeradiusClient object class' SUP top STRUCTURAL MUST freeradiusClientIdentifier MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment $ freeradiusClientGroupDN $ freeradiusClientIpV4Binding $ freeradiusClientIpV6Binding ) ) olcObjectClasses: ( 1.3.6.1.4.1.11344.4.1.1.2.2 NAME 'freeradiusAccessDevice' DESC 'freeradiusAccessDevice object class' SUP top STRUCTURAL MUST freeradiusClientIdentifier MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment ) ) diff --git a/doc/schemas/ldap/openldap/freeradius-clients.schema b/doc/schemas/ldap/openldap/freeradius-clients.schema index 462859284dd..b7f13ff3ca3 100644 --- a/doc/schemas/ldap/openldap/freeradius-clients.schema +++ b/doc/schemas/ldap/openldap/freeradius-clients.schema @@ -47,11 +47,25 @@ attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.4 SINGLE-VALUE ) - attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.5 +attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.5 NAME 'freeradiusClientGroupDN' DESC 'Client group membership' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + ) + +attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.6 + NAME 'freeradiusClientIpV4Binding' + DESC 'Client should only be able to access the server from this IPv4 address.' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 + ) + +attributetype ( 1.3.6.1.4.1.11344.4.1.1.1.7 + NAME 'freeradiusClientIpV6Binding' + DESC 'Client should only be able to access the server from this IPv6 address' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) objectclass ( 1.3.6.1.4.1.11344.4.1.1.2.1 @@ -60,7 +74,7 @@ objectclass ( 1.3.6.1.4.1.11344.4.1.1.2.1 SUP top STRUCTURAL MUST ( freeradiusClientIdentifier ) - MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment $ freeradiusClientGroupDN ) + MAY ( freeradiusClientShortname $ freeradiusClientType $ freeradiusClientComment $ freeradiusClientGroupDN $ freeradiusClientIpV4Binding $ freeradiusClientIpV6Binding ) ) #