diff options
author | John Dennis <jdennis@redhat.com> | 2015-01-26 17:11:03 -0500 |
---|---|---|
committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2015-03-23 12:45:50 +0100 |
commit | c95d08303cbf37b0ac39414c27daf9b0889cae3a (patch) | |
tree | edc3a1b97b8636d72c5bc4d1c0ce7f0a94d27124 /ipsilon | |
parent | 83ec7148841303516fe31e76116b70c8a5f73aab (diff) | |
download | ipsilon.git-c95d08303cbf37b0ac39414c27daf9b0889cae3a.tar.gz ipsilon.git-c95d08303cbf37b0ac39414c27daf9b0889cae3a.tar.xz ipsilon.git-c95d08303cbf37b0ac39414c27daf9b0889cae3a.zip |
set SELinux boolean httpd_can_connect_ldap when install infolap and authldap
Signed-off-by: John Dennis <jdennis@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'ipsilon')
-rw-r--r-- | ipsilon/info/infoldap.py | 9 | ||||
-rw-r--r-- | ipsilon/login/authldap.py | 9 |
2 files changed, 18 insertions, 0 deletions
diff --git a/ipsilon/info/infoldap.py b/ipsilon/info/infoldap.py index 7170e95..3edd0dd 100644 --- a/ipsilon/info/infoldap.py +++ b/ipsilon/info/infoldap.py @@ -8,6 +8,7 @@ from ipsilon.util.plugin import PluginObject from ipsilon.util.policy import Policy from ipsilon.util import config as pconfig import ldap +import subprocess # TODO: fetch mapping from configuration @@ -196,3 +197,11 @@ class Installer(InfoProviderInstaller): # Update global config to add info plugin po.is_enabled = True po.save_enabled_state() + + # For selinux enabled platforms permit httpd to connect to ldap, + # ignore if it fails + try: + subprocess.call(['/usr/sbin/setsebool', '-P', + 'httpd_can_connect_ldap=on']) + except Exception: # pylint: disable=broad-except + pass diff --git a/ipsilon/login/authldap.py b/ipsilon/login/authldap.py index f383003..1f6c3dc 100644 --- a/ipsilon/login/authldap.py +++ b/ipsilon/login/authldap.py @@ -7,6 +7,7 @@ from ipsilon.util.log import Log from ipsilon.util import config as pconfig from ipsilon.info.infoldap import InfoProvider as LDAPInfo import ldap +import subprocess class LDAP(LoginFormBase, Log): @@ -201,3 +202,11 @@ class Installer(LoginManagerInstaller): # Update global config to add login plugin po.is_enabled = True po.save_enabled_state() + + # For selinux enabled platforms permit httpd to connect to ldap, + # ignore if it fails + try: + subprocess.call(['/usr/sbin/setsebool', '-P', + 'httpd_can_connect_ldap=on']) + except Exception: # pylint: disable=broad-except + pass |