
Re: ldap server + enforcing mode?



Sending to the list as well. I hate reply-to: :)

Robert Story wrote:
I'm trying to get ldap (from openldap-servers-2.4.8-6) running in
enforcing mode on a F9 server. When I try in enforcing mode, it fails.
I've attached the AVCs from the audit log, for 'service ldap start' in
enforcing and permissive mode (with don't audit disabled), along with
the avcs after the first round were passed through audit2allow and
loaded. After those are added and loaded, it starts up fine with no
AVCs...

What exactly did audit2allow tell you to add?

From the AVCs this looks like a mislabelled cert -
/etc/openldap/cacerts/cacert.pem
which is labelled as user_tmp_t

What is reported by this:
# restorecon -Rnv /etc/openldap/cacerts

The CA certificate you have there wasn't moved from /tmp by any chance?


Stuart
--
Stuart Sears RHCA etc.
"It's today!" said Piglet.
"My favourite day," said Pooh.
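
Added example, not part of the original message or of the logs attached to the thread: a small Python triage of AVC denials that separates file targets carrying a transient label such as user_tmp_t (a relabel candidate to check with restorecon) from denials that need a real policy review before anything goes through audit2allow. The sample audit records and the TRANSIENT_TYPES set are constructed assumptions.

```python
import re

# Types a file picks up when created in /tmp or a home directory; mv keeps them.
# This set is an assumption for the example, not a complete policy list.
TRANSIENT_TYPES = {"tmp_t", "user_tmp_t", "user_home_t", "admin_home_t"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records in audit.log AVC format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1215000000.101:41): avc:  denied  { read } for  pid=2301 comm="slapd" name="cacert.pem" dev=dm-0 ino=98311 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1215000000.102:42): avc:  denied  { getattr } for  pid=2301 comm="slapd" path="/etc/openldap/cacerts/cacert.pem" dev=dm-0 ino=98311 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
type=AVC msg=audit(1215000000.103:43): avc:  denied  { name_bind } for  pid=2301 comm="slapd" src=10389 scontext=unconfined_u:system_r:slapd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1215000000.103:43): arch=40000003 syscall=102 success=no exit=-13 comm="slapd"
"""

def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields

def triage(log_text):
    """Split denials into relabel candidates and ones needing policy review."""
    relabel, review = {}, []
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if avc is None:
            continue
        ttype = avc["tcontext"].split(":")[2]  # user:role:type:level
        target = avc.get("path") or avc.get("name") or "?"
        if avc.get("tclass") in ("file", "dir", "lnk_file") and ttype in TRANSIENT_TYPES:
            relabel.setdefault((avc["comm"], ttype), set()).add(target)
        else:
            review.append((avc["comm"], ttype, avc["tclass"], avc["perms"]))
    return relabel, review

if __name__ == "__main__":
    relabel, review = triage(SAMPLE_LOG)
    for (comm, ttype), targets in relabel.items():
        print(f"{comm}: {ttype} on {sorted(targets)} -> check with restorecon -Rnv")
    for item in review:
        print("needs policy review:", item)
```
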

