authorJohn Dennis <jdennis@redhat.com>2015-01-26 17:11:03 -0500
committerPatrick Uiterwijk <puiterwijk@redhat.com>2015-03-23 12:45:50 +0100
commitc95d08303cbf37b0ac39414c27daf9b0889cae3a (patch)
treeedc3a1b97b8636d72c5bc4d1c0ce7f0a94d27124
parent83ec7148841303516fe31e76116b70c8a5f73aab (diff)
set SELinux boolean httpd_can_connect_ldap when install infolap and authldap
Signed-off-by: John Dennis <jdennis@redhat.com> Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
-rw-r--r--ipsilon/info/infoldap.py9
-rw-r--r--ipsilon/login/authldap.py9
2 files changed, 18 insertions, 0 deletions
diff --git a/ipsilon/info/infoldap.py b/ipsilon/info/infoldap.py
index 7170e95..3edd0dd 100644
--- a/ipsilon/info/infoldap.py
+++ b/ipsilon/info/infoldap.py
@@ -8,6 +8,7 @@ from ipsilon.util.plugin import PluginObject
from ipsilon.util.policy import Policy
from ipsilon.util import config as pconfig
import ldap
+import subprocess
# TODO: fetch mapping from configuration
@@ -196,3 +197,11 @@ class Installer(InfoProviderInstaller):
# Update global config to add info plugin
po.is_enabled = True
po.save_enabled_state()
+
+ # For selinux enabled platforms permit httpd to connect to ldap,
+ # ignore if it fails
+ try:
+ subprocess.call(['/usr/sbin/setsebool', '-P',
+ 'httpd_can_connect_ldap=on'])
+ except Exception: # pylint: disable=broad-except
+ pass
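Review bot: The exit status of `setsebool` is discarded and every exception is swallowed, so when the boolean is not set (for example the installer is not running as root, or the SELinux tooling is absent) the install still reports success and the first symptom is httpd being denied its LDAP connection at runtime. Keep it best-effort but make the failure visible: `rc = subprocess.call([...])` followed by a warning when `rc != 0`, and narrow the handler to `except OSError:`, which is what `subprocess.call` raises when the binary cannot be executed. The comment should also say that `-P` makes the change persistent and that `httpd_can_connect_ldap` applies to everything confined as httpd on the host, not only Ipsilon, so administrators know the install widens policy host-wide; nothing visible in this hunk turns it back off on uninstall. The same block is added in ipsilon/login/authldap.py, and the enclosing Installer method begins outside the hunk.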
diff --git a/ipsilon/login/authldap.py b/ipsilon/login/authldap.py
index f383003..1f6c3dc 100644
--- a/ipsilon/login/authldap.py
+++ b/ipsilon/login/authldap.py
@@ -7,6 +7,7 @@ from ipsilon.util.log import Log
from ipsilon.util import config as pconfig
from ipsilon.info.infoldap import InfoProvider as LDAPInfo
import ldap
+import subprocess
class LDAP(LoginFormBase, Log):
@@ -201,3 +202,11 @@ class Installer(LoginManagerInstaller):
# Update global config to add login plugin
po.is_enabled = True
po.save_enabled_state()
+
+ # For selinux enabled platforms permit httpd to connect to ldap,
+ # ignore if it fails
+ try:
+ subprocess.call(['/usr/sbin/setsebool', '-P',
+ 'httpd_can_connect_ldap=on'])
+ except Exception: # pylint: disable=broad-except
+ pass
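Review bot: These eight lines are a verbatim copy of the block added to ipsilon/info/infoldap.py, so any later change to how the boolean is set (logging, error handling, the path to `setsebool`) has to be made in two places. authldap.py already imports from ipsilon.info.infoldap, so a single module-level helper there, or in ipsilon.util, called from both installers would keep the SELinux handling in one place. The enclosing method starts outside the hunk.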