authorJacob Liberman <jliberma@redhat.com>2017-06-01 09:33:21 -0500
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>2017-06-02 06:07:46 +0000
commit7ea37eaadc8f6daf5524c20cb6dfa7ee525c966f (patch)
treec813d254c14dc007bb35ea75c6036384431fa16e
parentfd20b306b0bb4be2f5b251b45daeda5d215fb618 (diff)
Add conditional for setting authlogin_nsswitch_use_ldap selboolean
If selinux is enabled the authlogin_nsswitch_use_ldap Boolean must be enabled. This setting allows LDAP communications to the confined LDAP/server port. This change includes a conditional for enabling this Boolean only when selinux is in use. Change-Id: If985f2434d28fcd33198929bf61f2a3a82e601fe Closes-Bug: #1695002 (cherry picked from commit 90704a6017f7c539e3c1fed038ed247763619380)
-rw-r--r--manifests/profile/base/keystone.pp6
1 files changed, 6 insertions, 0 deletions
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index 9aa3eb3..87f6c7f 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -172,6 +172,12 @@ class tripleo::profile::base::keystone (
if $ldap_backend_enable {
validate_hash($ldap_backends_config)
+ if !str2bool($::selinux) {
+ selboolean { 'authlogin_nsswitch_use_ldap':
+ value => on,
+ persistent => true,
+ }
+ }
create_resources('::keystone::ldap_backend', $ldap_backends_config, {
create_domain_entry => $manage_domain,
})
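Review bot: The guard on the added `if !str2bool($::selinux) {` line is inverted relative to the commit description, which says the boolean should be enabled only when SELinux is in use; as written, the `selboolean` resource is applied only when the `selinux` fact is false. On SELinux-enabled hosts `authlogin_nsswitch_use_ldap` would stay at its current value, so the LDAP access the description calls for would presumably still be denied, and on hosts with SELinux disabled the resource is likely to fail because there is no policy to modify. The condition should read `if str2bool($::selinux) {`, and quoting the value as `value => 'on',` would avoid the bareword. The enclosing class and the `if $ldap_backend_enable` block both extend outside this hunk.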