From 1623c5d588e0aefb0b7bbeff7d81b6387153b9fd Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Fri, 4 Aug 2017 17:06:56 +0200 Subject: [PATCH] Clarify SELinux note in LDAP documentation The eye-catchy-ness of the Important SELinux notice in the LDAP integration documentation can cause confusion for users to whom the notice is not applicable, such as Ubuntu or SUSE users. For them, SELinux is not enabled by default and they may not even be aware of what it is for, and so perceive a failure when they try to enable the SELinux boolean as described in the document. This patch prepends a clarification that the notice only applies to SELinux users, to hopefully make it clearer that not being able to follow the directions is just fine in many cases. Change-Id: I65a34608f1a51ec923329065b6443bdd525a1ac7 --- doc/source/admin/identity-integrate-with-ldap.rst | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/doc/source/admin/identity-integrate-with-ldap.rst b/doc/source/admin/identity-integrate-with-ldap.rst index 472ea8d49b..6f68f73b88 100644 --- a/doc/source/admin/identity-integrate-with-ldap.rst +++ b/doc/source/admin/identity-integrate-with-ldap.rst @@ -38,10 +38,11 @@ Identity LDAP server set up .. important:: - For the OpenStack Identity service to access LDAP servers, you must - enable the ``authlogin_nsswitch_use_ldap`` boolean value for SELinux - on the server running the OpenStack Identity service. To enable and - make the option persistent across reboots, set the following boolean + If you are using SELinux (enabled by default on RHEL derivatives), + then in order for the OpenStack Identity service to access LDAP servers, + you must enable the ``authlogin_nsswitch_use_ldap`` boolean value for + SELinux on the server running the OpenStack Identity service. To enable + and make the option persistent across reboots, set the following boolean value as the root user: .. code-block:: console