[Freeipa-users] Centos7, selinux, certmonger, and openldap

Nordgren, Bryce L -FS bnordgren at fs.fed.us
Sun Aug 3 20:22:02 UTC 2014


Hey all,

On CentOS 7 (presumably RHEL7 too), the tutorial on http://www.freeipa.org/page/PKI breaks (when applied to installing a certificate in /etc/openldap/certs). The offending line is "ipa-getcert request -d /etc/openldap/certs ...", and the failure message is "/etc/openldap/certs must be a directory".

SELinux is enforcing, and there was an AVC. Audit2allow suggests that I enable the boolean "authlogin_nsswitch_use_ldap". Works like a champ after that. Thought I'd bring it up because the name of the boolean doesn't scream out "let certmonger manage openldap's certificates."

Bryce
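
An added example, not part of the original post: before enabling a broadly named boolean on the strength of an audit2allow suggestion, it helps to see exactly which denials certmonger triggered. The shell function below groups AVC denials for one command; the helper names, the sample records and the SELinux types in them (certmonger_t, slapd_cert_t) are constructed assumptions, since the post does not quote the actual AVC.

```shell
#!/bin/sh
# Summarize SELinux AVC denials for one command name.
# Helper names (avc_summary, sample_log) are hypothetical, for this example only.

avc_summary() {
    # $1 = value of the comm= field to keep; audit records are read from stdin.
    # Output: "<count> <source_type> <target_type> <class> <perms>", sorted.
    # Assumes the comm= value contains no spaces (true for certmonger).
    awk -v want="$1" '
    /avc:[ ]+denied/ {
        comm = ""; src = ""; tgt = ""; cls = ""; perms = ""
        # Permissions sit between braces: "{ search }" or "{ read open }".
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            if (split($i, kv, "=") < 2) continue
            if (kv[1] == "comm") { comm = kv[2]; gsub(/"/, "", comm) }
            else if (kv[1] == "scontext") { split(kv[2], c, ":"); src = c[3] }
            else if (kv[1] == "tcontext") { split(kv[2], c, ":"); tgt = c[3] }
            else if (kv[1] == "tclass") { cls = kv[2] }
        }
        if (comm == want) count[src " " tgt " " cls " " perms]++
    }
    END { for (k in count) print count[k], k }
    ' | sort
}

sample_log() {
    # Constructed records; the types shown are assumptions, not from the post.
    cat <<'EOF'
type=AVC msg=audit(1407096001.101:310): avc:  denied  { search } for  pid=2101 comm="certmonger" name="certs" dev="dm-0" ino=131 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:slapd_cert_t:s0 tclass=dir
type=SYSCALL msg=audit(1407096001.101:310): arch=c000003e syscall=2 success=no exit=-13 comm="certmonger"
type=AVC msg=audit(1407096060.412:322): avc:  denied  { search } for  pid=2101 comm="certmonger" name="certs" dev="dm-0" ino=131 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:slapd_cert_t:s0 tclass=dir
type=AVC msg=audit(1407096075.007:325): avc:  denied  { read open } for  pid=2101 comm="certmonger" name="cert8.db" dev="dm-0" ino=140 scontext=system_u:system_r:certmonger_t:s0 tcontext=system_u:object_r:slapd_cert_t:s0 tclass=file
type=AVC msg=audit(1407096090.550:330): avc:  denied  { read } for  pid=3300 comm="httpd" name="index.html" dev="dm-0" ino=900 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# On a real host, feed it live audit data instead of the sample, then check
# the current state of the boolean before changing it:
#   ausearch -m avc -c certmonger --raw | avc_summary certmonger
#   getsebool authlogin_nsswitch_use_ldap
sample_log | avc_summary certmonger
```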



