diff options
-rw-r--r-- | ipsilon/info/infoldap.py | 9 | ||||
-rw-r--r-- | ipsilon/login/authldap.py | 9 |
2 files changed, 18 insertions, 0 deletions
diff --git a/ipsilon/info/infoldap.py b/ipsilon/info/infoldap.py index 6ba5b0d..498d433 100644 --- a/ipsilon/info/infoldap.py +++ b/ipsilon/info/infoldap.py @@ -8,6 +8,7 @@ from ipsilon.info.common import InfoMapping from ipsilon.util.plugin import PluginObject from ipsilon.util import config as pconfig import ldap +import subprocess # TODO: fetch mapping from configuration @@ -197,3 +198,11 @@ class Installer(InfoProviderInstaller): # Update global config to add login plugin po.is_enabled = True po.save_enabled_state() + + # For selinux enabled platforms permit httpd to connect to ldap, + # ignore if it fails + try: + subprocess.call(['/usr/sbin/setsebool', '-P', + 'httpd_can_connect_ldap=on']) + except Exception: # pylint: disable=broad-except + pass diff --git a/ipsilon/login/authldap.py b/ipsilon/login/authldap.py index 5899ed2..9e51415 100644 --- a/ipsilon/login/authldap.py +++ b/ipsilon/login/authldap.py @@ -6,6 +6,7 @@ from ipsilon.util.log import Log from ipsilon.util import config as pconfig from ipsilon.info.infoldap import InfoProvider as LDAPInfo import ldap +import subprocess class LDAP(LoginFormBase, Log): @@ -207,3 +208,11 @@ class Installer(object): # Update global config to add login plugin po.is_enabled = True po.save_enabled_state() + + # For selinux enabled platforms permit httpd to connect to ldap, + # ignore if it fails + try: + subprocess.call(['/usr/sbin/setsebool', '-P', + 'httpd_can_connect_ldap=on']) + except Exception: # pylint: disable=broad-except + pass |