Open Stack

Hi,

Thanks for the reply.

The SELinux boolean variable authlogin_nsswitch_use_ldap is not available
in the list of booleans. So, how do I manually add the boolean?
This boolean is required to be set to enable ldap authentication.

Thanks,
Tizy


On Fri, May 9, 2014 at 8:52 AM, Adam Young <ayoung at redhat.com> wrote:

>  On 05/06/2014 09:01 PM, Roman Sokolkov wrote:
>
> Tizy,
>
>  Selinux is disabled on all nodes under Fuel.
>
>
> https://github.com/stackforge/fuel-library/blob/stable/4.0/deployment/puppet/cobbler/templates/kickstart/centos.ks.erb#L32
>
>
>  You could check it by "getenforce" command. It should report "Disabled".
>
>  So you could simply pass all steps related to Selinux.
>
>  Thank you.
>
> Yeah, you don't need to deal with SELinux if SELinux is disabled.
>
>
>
>
>
> On Tue, May 6, 2014 at 12:51 AM, Tizy Ninan <tizy.elza at gmail.com> wrote:
>
>> Hi
>>
>>  We are trying to integrate the openstack setup with the Microsoft
>> Active Directory(LDAP server).
>>
>> As per openstack documentation,
>> http://docs.openstack.org/admin-guide-cloud/content/configuring-keystone-for-ldap-backend.html  in
>> order to integrate with an LDAP server, an SELinux Boolean variable
>> ‘authlogin_nsswitch_use_ldap’ needs to be set. We tried setting the
>> variable using the following command.
>> $ setsebool –P authlogin_nsswitch_use_ldap 1
>> It returned a message stating SElinux is disabled. We changed the status
>> of SElinux to permissive mode and tried setting the boolean variable, but
>> it returned a message stating ‘record not found in the database’.
>>
>> We also tried retrieving all the boolean variables by using the following
>> command
>> $getsebool –a
>> It listed out all the boolean variables, but there was no variable named
>> ‘authlogin_nsswitch_use_ldap’ in the list.
>> In order to add the variable we needed semanage. When executing the
>> ‘semanage’ command it returned ‘command not found’. To install semanage we
>> tried installing policycoreutils-python. It showed no package
>> policycoreutils-python available.
>>
>> We are using Mirantis Fuel v4.0. We have an openstack Havana deployment
>> on CentOS 6.4 and nova-network network service.
>> Can you please help us on why the SELinux boolean variable
>> (authlogin_nsswitch_use_ldap) is not available. Is it because the CentOS
>> image provided by the Fuel master node  does not provide the SELinux
>> settings?  Is there any alternative ways to set this boolean variable?
>>
>> Kindly help us to resolve this issue.
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
>  --
> Roman Sokolkov,
> Deployment Engineer,
> Mirantis, Inc.
> Skype rsokolkov,
> rsokolkov at mirantis.com
>
>
> _______________________________________________
> OpenStack-dev mailing listOpenStack-dev at lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140514/c3d98d0a/attachment.html>