From c95d08303cbf37b0ac39414c27daf9b0889cae3a Mon Sep 17 00:00:00 2001
From: John Dennis
Date: Mon, 26 Jan 2015 17:11:03 -0500
Subject: set SELinux boolean httpd_can_connect_ldap when install infolap and authldap
Signed-off-by: John Dennis
Reviewed-by: Patrick Uiterwijk
---
 ipsilon/info/infoldap.py | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'ipsilon/info/infoldap.py')
diff --git a/ipsilon/info/infoldap.py b/ipsilon/info/infoldap.py
index 7170e95..3edd0dd 100644
--- a/ipsilon/info/infoldap.py
+++ b/ipsilon/info/infoldap.py
@@ -8,6 +8,7 @@ from ipsilon.util.plugin import PluginObject
 from ipsilon.util.policy import Policy
 from ipsilon.util import config as pconfig
 import ldap
+import subprocess
 # TODO: fetch mapping from configuration
@@ -196,3 +197,11 @@ class Installer(InfoProviderInstaller):
 # Update global config to add info plugin
 po.is_enabled = True
 po.save_enabled_state()
+
+ # For selinux enabled platforms permit httpd to connect to ldap,
+ # ignore if it fails
+ try:
+ subprocess.call(['/usr/sbin/setsebool', '-P',
+ 'httpd_can_connect_ldap=on'])
+ except Exception: # pylint: disable=broad-except
+ pass
-- cgit
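Review bot: The block added at the end of the second hunk discards both the exit status of `subprocess.call` and any exception, so on an SELinux-enforcing host a failed `setsebool` leaves no trace and only shows up later as httpd being denied its LDAP connection. Keep the result with `rc = subprocess.call([...])`, report a non-zero `rc` through whatever logging the installer already uses, and narrow the handler to `except OSError:`, which covers a missing or non-executable `/usr/sbin/setsebool` without hiding unrelated errors. Because `-P` makes the change persistent and `httpd_can_connect_ldap` applies to every process confined as httpd on the host, not only Ipsilon, the comment should say so and the installer should tell the administrator that the boolean was switched on. The enclosing method starts outside the hunk, and whether an uninstall path resets the boolean is not visible here.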