From: John Dennis Date: Mon, 26 Jan 2015 22:11:03 +0000 (-0500) Subject: set SELinux boolean httpd_can_connect_ldap when install infolap and authldap X-Git-Tag: v0.5.0~14 X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=commitdiff_plain;h=c95d08303cbf37b0ac39414c27daf9b0889cae3a set SELinux boolean httpd_can_connect_ldap when install infolap and authldap Signed-off-by: John Dennis Reviewed-by: Patrick Uiterwijk --- diff --git a/ipsilon/info/infoldap.py b/ipsilon/info/infoldap.py index 7170e95..3edd0dd 100644 --- a/ipsilon/info/infoldap.py +++ b/ipsilon/info/infoldap.py @@ -8,6 +8,7 @@ from ipsilon.util.plugin import PluginObject from ipsilon.util.policy import Policy from ipsilon.util import config as pconfig import ldap +import subprocess # TODO: fetch mapping from configuration @@ -196,3 +197,11 @@ class Installer(InfoProviderInstaller): # Update global config to add info plugin po.is_enabled = True po.save_enabled_state() + + # For selinux enabled platforms permit httpd to connect to ldap, + # ignore if it fails + try: + subprocess.call(['/usr/sbin/setsebool', '-P', + 'httpd_can_connect_ldap=on']) + except Exception: # pylint: disable=broad-except + pass diff --git a/ipsilon/login/authldap.py b/ipsilon/login/authldap.py index f383003..1f6c3dc 100644 --- a/ipsilon/login/authldap.py +++ b/ipsilon/login/authldap.py @@ -7,6 +7,7 @@ from ipsilon.util.log import Log from ipsilon.util import config as pconfig from ipsilon.info.infoldap import InfoProvider as LDAPInfo import ldap +import subprocess class LDAP(LoginFormBase, Log): @@ -201,3 +202,11 @@ class Installer(LoginManagerInstaller): # Update global config to add login plugin po.is_enabled = True po.save_enabled_state() + + # For selinux enabled platforms permit httpd to connect to ldap, + # ignore if it fails + try: + subprocess.call(['/usr/sbin/setsebool', '-P', + 'httpd_can_connect_ldap=on']) + except Exception: # pylint: disable=broad-except + pass