<div dir="ltr">Hi,<div><br></div><div>Thanks for the reply. </div><div><br></div><div>The SELinux boolean variable <span style="font-family:arial,sans-serif;font-size:13px">authlogin_nsswitch_use_ldap is not available in the list of booleans. So, how do I manually add the boolean?</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px">This boolean is required to be set to enable LDAP authentication.</span></div><div><br></div><div>Thanks,</div><div>Tizy</div></div><div class="gmail_extra"><br>
<br><div class="gmail_quote">On Fri, May 9, 2014 at 8:52 AM, Adam Young <span dir="ltr"><<a href="mailto:ayoung@redhat.com" target="_blank">ayoung@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><div class="">
<div>On 05/06/2014 09:01 PM, Roman Sokolkov
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Tizy,
<div><br>
</div>
<div>SELinux is disabled on all nodes under Fuel.</div>
<div><br>
</div>
<blockquote style="margin:0 0 0 40px;border:none;padding:0px">
<div><a href="https://github.com/stackforge/fuel-library/blob/stable/4.0/deployment/puppet/cobbler/templates/kickstart/centos.ks.erb#L32" target="_blank">https://github.com/stackforge/fuel-library/blob/stable/4.0/deployment/puppet/cobbler/templates/kickstart/centos.ks.erb#L32</a></div>
</blockquote>
<div><br>
</div>
<div>You could check it with the "getenforce" command. It should
report "Disabled".</div>
<div><br>
</div>
<div>So you could simply pass all steps related to SELinux.</div>
<div><br>
</div>
<div>Thank you.</div>
</div>
</blockquote></div>
Yeah, you don't need to deal with SELinux if SELinux is disabled.<div><div class="h5"><br>
<br>
<br>
<blockquote type="cite">
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, May 6, 2014 at 12:51 AM, Tizy
Ninan <span dir="ltr"><<a href="mailto:tizy.elza@gmail.com" target="_blank">tizy.elza@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi
<div><br>
</div>
<div><span style="font-family:arial,sans-serif;font-size:13px">We
are trying to integrate the OpenStack setup with the
Microsoft Active Directory (LDAP server).</span><br style="font-family:arial,sans-serif;font-size:13px">
<br style="font-family:arial,sans-serif;font-size:13px">
<span style="font-family:arial,sans-serif;font-size:13px">As
per OpenStack documentation, </span><a href="http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html" style="font-family:arial,sans-serif;font-size:13px" target="_blank">http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html</a><span style="font-family:arial,sans-serif;font-size:13px"> in
order to integrate with an LDAP server, an SELinux
Boolean variable ‘authlogin_nsswitch_use_ldap’ needs
to be set. We tried setting the variable using the
following command.</span><br style="font-family:arial,sans-serif;font-size:13px">
<span style="font-family:arial,sans-serif;font-size:13px">$ setsebool -P authlogin_nsswitch_use_ldap 1</span><br style="font-family:arial,sans-serif;font-size:13px">
<span style="font-family:arial,sans-serif;font-size:13px">It
returned a message stating SELinux is disabled. We
changed the status of SELinux to permissive mode and
tried setting the boolean variable, but it returned a
message stating ‘record not found in the database’.</span><br style="font-family:arial,sans-serif;font-size:13px">
<br style="font-family:arial,sans-serif;font-size:13px">
<span style="font-family:arial,sans-serif;font-size:13px">We
also tried retrieving all the boolean variables by
using the following command</span><br style="font-family:arial,sans-serif;font-size:13px">
<span style="font-family:arial,sans-serif;font-size:13px">$ getsebool -a</span><br style="font-family:arial,sans-serif;font-size:13px">
<span style="font-family:arial,sans-serif;font-size:13px">It
listed out all the boolean variables, but there was no
variable named ‘authlogin_nsswitch_use_ldap’ in the
list.</span><br style="font-family:arial,sans-serif;font-size:13px">
<span style="font-family:arial,sans-serif;font-size:13px">In
order to add the variable we needed semanage. When
executing the ‘semanage’ command it returned ‘command
not found’. To install semanage we tried installing
policycoreutils-python. It showed no package
policycoreutils-python available.</span><br style="font-family:arial,sans-serif;font-size:13px">
<br style="font-family:arial,sans-serif;font-size:13px">
<span style="font-family:arial,sans-serif;font-size:13px">We
are using Mirantis Fuel v4.0. We have an OpenStack
Havana deployment on CentOS 6.4 and nova-network
network service.</span><br style="font-family:arial,sans-serif;font-size:13px">
<span style="font-family:arial,sans-serif;font-size:13px">Can
you please help us understand why the SELinux boolean variable
(authlogin_nsswitch_use_ldap) is not available? Is it
because the CentOS image provided by the Fuel master
node does not provide the SELinux settings? Are there
any alternative ways to set this boolean variable?</span><br style="font-family:arial,sans-serif;font-size:13px">
<br style="font-family:arial,sans-serif;font-size:13px">
<span style="font-family:arial,sans-serif;font-size:13px">Kindly
help us to resolve this issue.</span><br>
</div>
</div>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">Roman Sokolkov,
<div>Deployment Engineer,</div>
<div>Mirantis, Inc.<br>
Skype rsokolkov,<br>
<a href="mailto:rsokolkov@mirantis.com" target="_blank">rsokolkov@mirantis.com</a><br>
</div>
</div>
</div>
<br>
</blockquote>
<br>
</div></div></div>
<br></blockquote></div><br></div>
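The checks discussed in this thread (SELinux mode first, then whether the loaded policy defines the boolean at all) can be combined into one pre-flight step before calling setsebool. This is an added example, not part of the original messages; the function name selinux_boolean_action and the sample boolean list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether an SELinux boolean can
# be set, from the SELinux mode and the booleans the loaded policy defines.

# selinux_boolean_action MODE BOOLEAN BOOLEAN_LIST   (hypothetical helper)
#   MODE          output of `getenforce` (Enforcing, Permissive or Disabled)
#   BOOLEAN       name of the boolean to set
#   BOOLEAN_LIST  output of `getsebool -a`, one "name --> on|off" per line
# Prints one of: skip, missing, already-on, set
selinux_boolean_action() {
    mode=$1 name=$2 list=$3
    # With SELinux disabled no policy is loaded, so there is nothing to set.
    if [ "$mode" = "Disabled" ]; then
        echo skip
        return 0
    fi
    # Match the exact boolean name in the first column of the listing.
    state=$(printf '%s\n' "$list" | awk -v n="$name" '$1 == n { print $3 }')
    case $state in
        on)  echo already-on ;;
        off) echo set ;;
        *)   echo missing ;;   # the loaded policy does not define this boolean
    esac
}

# Constructed sample of `getsebool -a` output, used to exercise the function.
SAMPLE_BOOLEANS='allow_ypbind --> off
httpd_can_network_connect --> on'

# Live use: runs only on a host that has the SELinux utilities installed.
if command -v getenforce >/dev/null 2>&1 && command -v getsebool >/dev/null 2>&1; then
    cur_mode=$(getenforce)
    cur_list=$(getsebool -a 2>/dev/null || true)
    action=$(selinux_boolean_action "$cur_mode" authlogin_nsswitch_use_ldap "$cur_list")
    case $action in
        skip)       echo "SELinux is disabled: skip the SELinux steps" ;;
        missing)    echo "boolean is not defined by the loaded policy" ;;
        already-on) echo "boolean is already on" ;;
        set)        echo "run: setsebool -P authlogin_nsswitch_use_ldap 1" ;;
    esac
fi
```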