From: Arran Cudbard-Bell Date: Sat, 20 May 2023 05:35:21 +0000 (-0400) Subject: ldap: Add tacacs client schema X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4897440d65210ab5948811710de810e5aa26dca0;p=thirdparty%2Ffreeradius-server.git ldap: Add tacacs client schema
---
diff --git a/doc/schemas/ldap/openldap/freeradius-tacacs.ldif b/doc/schemas/ldap/openldap/freeradius-tacacs.ldif
new file mode 100644
index 00000000000..1f93a647234
--- /dev/null
+++ b/doc/schemas/ldap/openldap/freeradius-tacacs.ldif
@@ -0,0 +1,6 @@
+dn: cn=freeradius-tacacs,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: freeradius-tacacs
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.5.1.1.1 NAME 'tacacsClientSecret' DESC 'Client Secret' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.11344.4.5.1.1.2 NAME 'tacacsClientSingleConnectionMode' DESC 'Set whether we allow and request single connection mode for this client' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcObjectClasses: ( 1.3.6.1.4.1.11344.4.5.1.2.1 NAME 'tacacsClient' SUP top AUXILIARY MUST tacacsClientSecret MAY tacacsClientSingleConnectionMode )
diff --git a/doc/schemas/ldap/openldap/freeradius-tacacs.schema b/doc/schemas/ldap/openldap/freeradius-tacacs.schema
new file mode 100644
index 00000000000..4b9b5868e10
--- /dev/null
+++ b/doc/schemas/ldap/openldap/freeradius-tacacs.schema
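Review bot: `tacacsClientSecret` in freeradius-tacacs.ldif holds the TACACS+ shared secret, yet it is declared with `EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch`, so any identity permitted to search or compare on the attribute can match it case-insensitively and by substring, which weakens the secret's confidentiality well before anyone can read it outright. I would declare it with `EQUALITY caseExactMatch` and no `SUBSTR` rule, and make the same change in the matching `attributetype` block of freeradius-tacacs.schema. A schema cannot enforce access control, so a header comment should also state that the attribute is a plain directory string and needs an ACL limiting read, search and compare to the server's bind DN.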
@@ -0,0 +1,32 @@
+#
+# 11344.4.5.1.[1|2]
+# | | | | |_ .1 Profile attributes, .2 profile objects
+# | | | |_ Client
+# | | |_ RADIUS
+# | |_ LDAP Attributes
+# |_ Vendor
+#
+attributetype ( 1.3.6.1.4.1.11344.4.5.1.1.1
+ NAME 'tacacsClientSecret'
+ DESC 'Client Secret'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE
+ )
+
+ attributetype ( 1.3.6.1.4.1.11344.4.5.1.1.2
+ NAME 'tacacsClientSingleConnectionMode'
+ DESC 'Set whether we allow and request single connection mode for this client'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE
+ )
+
+objectclass ( 1.3.6.1.4.1.11344.4.5.1.2.1
+ NAME 'tacacsClient'
+ SUP top
+ AUXILIARY
+ MUST ( tacacsClientSecret )
+ MAY (tacacsClientSingleConnectionMode)
+ )
diff --git a/doc/schemas/ldap/openldap/oid_layout.txt b/doc/schemas/ldap/openldap/oid_layout.txt
index 25816579c65..b7328fe6318 100644
--- a/doc/schemas/ldap/openldap/oid_layout.txt
+++ b/doc/schemas/ldap/openldap/oid_layout.txt
@@ -14,6 +14,7 @@ For LDAP attributes and Dictionary attributes, the next node indicates protocol 1.3.6.1.4.1.11344.4.2 - RADIUS 1.3.6.1.4.1.11344.4.3 - DHCPv4 1.3.6.1.4.1.11344.4.4 - DHCPv6 +1.3.6.1.4.1.11344.4.5 - TACACS+ ``` Next we distinguish between the types of object. There's usually three objects for each protocol
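Review bot: The OID tree comment at the top of freeradius-tacacs.schema labels the `.5` node as RADIUS, while the oid_layout.txt change in this same commit assigns `1.3.6.1.4.1.11344.4.5` to TACACS+; the line should read `# | | |_ TACACS+`. The second `attributetype` (`tacacsClientSingleConnectionMode`) also appears to begin with leading whitespace, unlike the first one. slapd.conf-style files treat a line that begins with whitespace as a continuation of the previous line, so it is safer to start that definition at column 0. Whitespace on this page is collapsed, so the indentation should be confirmed against the file itself.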