Revert "Remove FreeRADIUS v3.1.x options"

This reverts commit 7d005aa0.

Revert "Remove FreeRADIUS v3.1.x options"
9ead3da8 · Nathan Ward · 86c30070 · 9ead3da8 · 9ead3da8 · 9ead3da8
Commit 9ead3da8 authored Oct 27, 2020 by Nathan Ward
--- a/README.md
+++ b/README.md
@@ -632,6 +632,12 @@ With `rebind` control whether the server follows references returned by LDAP dir
 ##### `rebind`
 With `chase_referrals` control whether the server follows references returned by LDAP directory. Mostly used for AD compatibility. Default: `yes`.

+##### `use_referral_credentials`
+On rebind, use the credentials from the rebind url instead of admin credentials. Default: `no`.
+
+##### `session_tracking`
+If `yes`, then include draft-wahl-ldap-session tracking controls. Default: `undef`.
+
 ##### `uses`
 How many times the connection can be used before being re-established. This is useful for things
 like load balancers, which may exhibit sticky behaviour without it. `0` is unlimited. Default: `0`
@@ -645,6 +651,9 @@ The lifetime (in seconds) of the connection. Default: `0` (forever).
 ##### `idle_timeout`
 Idle timeout (in seconds). A connection which is unused for this length of time will be closed. Default: `60`.

+##### `connect_timeout`
+Connection timeout (in seconds). The maximum amount of time to wait for a new connection to be established. Default: `3.0`.
+
 ##### `idle`
 Sets the idle time before keepalive probes are sent. Default `60`

@@ -1523,6 +1532,11 @@ Spare connections to be left idle. Default: 1.
 Idle timeout (in seconds). A connection which is unused for this length of time will
 be closed. Default: 60.

+##### `pool_connect_timeout`
+
+Connection timeout (in seconds). The maximum amount of time to wait for a new
+connection to be established. Default: '3.0'.
+
 #### `freeradius::statusclient`

 Define RADIUS clients, specifically to connect to the status server for monitoring.

--- a/manifests/module/ldap.pp
+++ b/manifests/module/ldap.pp
@@ -38,6 +38,8 @@ define freeradius::module::ldap (
  Optional[Enum['never','searching','finding','always']] $dereference = undef,
  Freeradius::Boolean $chase_referrals                                = 'yes',
  Freeradius::Boolean $rebind                                         = 'yes',
+  Freeradius::Boolean $use_referral_credentials                       = 'no',
+  Optional[Freeradius::Boolean] $session_tracking                     = undef,
  Integer $timeout                                                    = 10,
  Integer $timelimit                                                  = 3,
  Integer $idle                                                       = 60,
@@ -59,6 +61,7 @@ define freeradius::module::ldap (
  Integer $retry_delay                                                = 30,
  Integer $lifetime                                                   = 0,
  Integer $idle_timeout                                               = 60,
+  Float $connect_timeout                                              = 3.0,
 ) {
  $fr_package          = $::freeradius::params::fr_package
  $fr_service          = $::freeradius::params::fr_service

--- a/manifests/sql.pp
+++ b/manifests/sql.pp
@@ -31,6 +31,7 @@ define freeradius::sql (
  Optional[Integer] $pool_min                    = 1,
  Optional[Integer] $pool_spare                  = 1,
  Optional[Integer] $pool_idle_timeout           = 60,
+  Optional[Float] $pool_connect_timeout          = 3.0,
 ) {
  $fr_package          = $::freeradius::params::fr_package
  $fr_service          = $::freeradius::params::fr_service

--- a/templates/ldap.erb
+++ b/templates/ldap.erb
@@ -602,6 +602,25 @@ ldap <%= @name %> {
 		chase_referrals = <%= @chase_referrals %>
 		rebind = <%= @rebind %>

+		#
+		#  On rebind, use the credentials from the rebind url instead
+		#  of admin credentials used during the initial bind.
+		#  Default 'no'
+		#
+		use_referral_credentials = <%= @use_referral_credentials %>
+
+<%- if @session_tracking -%>
+		#
+		#  If 'yes', then include draft-wahl-ldap-session tracking
+		#  controls.
+		#
+		#  These encode the NAS-IP-Address/NAS-IPv6-Address,
+		#  User-Name, Acct-Session-ID, Acct-Multi-Session-ID
+		#  as session tracking controls, in applicable LDAP operations.
+		#  Default 'no'.
+		#
+		session_tracking = <%= @session_tracking %>
+<%- end -%>
 		# SASL Security Properties (see SASL_SECPROPS in ldap.conf man page).
 		# Note - uncomment when using GSS-API sasl mechanism along with TLS
 		# encryption against Active-Directory LDAP servers (this disables
@@ -765,6 +784,11 @@ ldap <%= @name %> {
 #		idle_timeout = 60
 		idle_timeout = <%= @idle_timeout %>

+		#  Connection timeout (in seconds).  The maximum amount of
+		#  time to wait for a new connection to be established.
+		#  Sets LDAP_OPT_NETWORK_TIMEOUT in libldap.
+		connect_timeout = <%= @connect_timeout %>
+
 		#  NOTE: All configuration settings are enforced.  If a
 		#  connection is closed because of 'idle_timeout',
 		#  'uses', or 'lifetime', then the total number of

--- a/templates/sql.conf.erb
+++ b/templates/sql.conf.erb
@@ -334,6 +334,15 @@ sql <%= @name %> {
 #		idle_timeout = 60
 		idle_timeout = <%= @pool_idle_timeout %>

+		#  Connection timeout (in seconds).  The maximum amount of
+		#  time to wait for a new connection to be established.
+		#  Not supported by:
+		#    rlm_sql_firebird - Likely possible but no documentation.
+		#    rlm_sql_oracle - Not possible.
+		#    rlm_sql_postgresql - Should be set via the radius_db string instead.
+		#
+		connect_timeout = <%= @pool_connect_timeout %>
+
 		#  NOTE: All configuration settings are enforced.  If a
 		#  connection is closed because of "idle_timeout",
 		#  "uses", or "lifetime", then the total number of