summaryrefslogtreecommitdiffstats
path: root/raddb/mods-available/couchbase
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--raddb/mods-available/couchbase204
1 files changed, 204 insertions, 0 deletions
diff --git a/raddb/mods-available/couchbase b/raddb/mods-available/couchbase
new file mode 100644
index 0000000..da1a39d
--- /dev/null
+++ b/raddb/mods-available/couchbase
@@ -0,0 +1,204 @@
+couchbase {
+ #
+ # List of Couchbase hosts (hosts may be space, tab, comma or semi-colon separated).
+ # Ports are optional if servers are listening on the standard port.
+ # Complete pool urls are preferred.
+ #
+ server = "http://cb01.blargs.com:8091/pools/ http://cb04.blargs.com:8091/pools/"
+
+ # Couchbase bucket name
+ bucket = "radius"
+
+ # Couchbase bucket password (optional)
+ #password = "password"
+
+ # Couchbase accounting document key (unlang supported)
+ acct_key = "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}"
+
+ # Value for the 'docType' element in the json body for accounting documents
+ doctype = "radacct"
+
+ ## Accounting document expire time in seconds (0 = never)
+ expire = 2592000
+
+ #
+ # Map attribute names to json element names for accounting.
+ #
+ # Configuration items are in the format:
+ # <radius attribute> = '<element name>'
+ #
+ # Element names should be single quoted.
+ #
+ # Note: Attributes not in this map will not be recorded.
+ #
+ update {
+ Acct-Session-Id = 'sessionId'
+ Acct-Unique-Session-Id = 'uniqueId'
+ Acct-Status-Type = 'lastStatus'
+ Acct-Authentic = 'authentic'
+ User-Name = 'userName'
+ Stripped-User-Name = 'strippedUserName'
+ Stripped-User-Domain = 'strippedUserDomain'
+ Realm = 'realm'
+ NAS-IP-Address = 'nasIpAddress'
+ NAS-Identifier = 'nasIdentifier'
+ NAS-Port = 'nasPort'
+ Called-Station-Id = 'calledStationId'
+ Called-Station-SSID = 'calledStationSSID'
+ Calling-Station-Id = 'callingStationId'
+ Framed-Protocol = 'framedProtocol'
+ Framed-IP-Address = 'framedIpAddress'
+ NAS-Port-Type = 'nasPortType'
+ Connect-Info = 'connectInfo'
+ Acct-Session-Time = 'sessionTime'
+ Acct-Input-Packets = 'inputPackets'
+ Acct-Output-Packets = 'outputPackets'
+ Acct-Input-Octets = 'inputOctets'
+ Acct-Output-Octets = 'outputOctets'
+ Acct-Input-Gigawords = 'inputGigawords'
+ Acct-Output-Gigawords = 'outputGigawords'
+ Event-Timestamp = 'lastUpdated'
+ }
+
+ # Couchbase document key for user documents (unlang supported)
+ user_key = "raduser_%{md5:%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}}"
+
+ # Set to 'yes' to read radius clients from the Couchbase view specified below.
+ # NOTE: Clients will ONLY be read on server startup.
+ #read_clients = no
+
+ #
+ # Map attribute names to json element names when loading clients.
+ #
+ # Configuration follows the same rules as the accounting map above.
+ #
+ client {
+ # Couchbase view that should return all available client documents.
+ view = "_design/client/_view/by_id"
+
+ #
+ # Sets default values (not obtained from couchbase) for new client entries
+ #
+ template {
+# login = 'test'
+# password = 'test'
+# proto = tcp
+# require_message_authenticator = yes
+
+ # Uncomment to add a home_server with the same
+ # attributes as the client.
+# coa_server {
+# response_window = 2.0
+# }
+ }
+
+ #
+ # Client mappings are in the format:
+ # <client attribute> = '<element name>'
+ #
+ # Element names should be single quoted.
+ #
+ # The following attributes are required:
+ # * ipaddr | ipv4addr | ipv6addr - Client IP Address.
+ # * secret - RADIUS shared secret.
+ #
+ # All attributes usually supported in a client
+ # definition are also supported here.
+ #
+ attribute {
+ ipaddr = 'clientIdentifier'
+ secret = 'clientSecret'
+ shortname = 'clientShortname'
+ nas_type = 'nasType'
+ virtual_server = 'virtualServer'
+ require_message_authenticator = 'requireMessageAuthenticator'
+ limit {
+ max_connections = 'maxConnections'
+ lifetime = 'clientLifetime'
+ idle_timeout = 'idleTimeout'
+ }
+ }
+ }
+
+ # Set to 'yes' to enable simultaneous use checking (multiple logins).
+ # NOTE: This will cause the execution of a view request on every check
+ # and may be a performance penalty.
+# check_simul = no
+
+ # Couchbase view that should return all account documents keyed by username.
+# simul_view = "_design/acct/_view/by_user"
+
+ # The key to the above view.
+ # NOTE: This will need to match EXACTLY what you emit from your view.
+# simul_vkey = "%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}"
+
+ # Set to 'yes' to enable verification of the results returned from the above view.
+ # NOTE: This may be an additional performance penalty to the actual check and
+ # should be avoided unless absolutely neccessary.
+# verify_simul = no
+
+ # Remove stale session if checkrad does not see a double login.
+ # NOTE: This will only be executed if both check_simul and verify_simul
+ # are set to 'yes' above.
+# delete_stale_sessions = yes
+
+ #
+ # The connection pool is used to pool outgoing connections.
+ #
+ pool {
+ # Connections to create during module instantiation.
+ # If the server cannot create specified number of
+ # connections during instantiation it will exit.
+ # Set to 0 to allow the server to start without the
+ # couchbase being available.
+ start = ${thread[pool].start_servers}
+
+ # Minimum number of connections to keep open
+ min = ${thread[pool].min_spare_servers}
+
+ # Maximum number of connections
+ #
+ # If these connections are all in use and a new one
+ # is requested, the request will NOT get a connection.
+ #
+ # Setting 'max' to LESS than the number of threads means
+ # that some threads may starve, and you will see errors
+ # like 'No connections available and at max connection limit'
+ #
+ # Setting 'max' to MORE than the number of threads means
+ # that there are more connections than necessary.
+ max = ${thread[pool].max_servers}
+
+ # Spare connections to be left idle
+ #
+ # NOTE: Idle connections WILL be closed if "idle_timeout"
+ # is set. This should be less than or equal to "max" above.
+ spare = ${thread[pool].max_spare_servers}
+
+ # Number of uses before the connection is closed
+ #
+ # 0 means "infinite"
+ uses = 0
+
+ # The lifetime (in seconds) of the connection
+ #
+ # NOTE: A setting of 0 means infinite (no limit).
+ lifetime = 0
+
+ # The idle timeout (in seconds). A connection which is
+ # unused for this length of time will be closed.
+ #
+ # NOTE: A setting of 0 means infinite (no timeout).
+ idle_timeout = 1200
+
+ # NOTE: All configuration settings are enforced. If a
+ # connection is closed because of "idle_timeout",
+ # "uses", or "lifetime", then the total number of
+ # connections MAY fall below "min". When that
+ # happens, it will open a new connection. It will
+ # also log a WARNING message.
+ #
+ # The solution is to either lower the "min" connections,
+ # or increase lifetime/idle_timeout.
+ }
+}