Add conditional for setting authlogin_nsswitch_use_ldap selboolean
If selinux is enabled the authlogin_nsswitch_use_ldap Boolean must be enabled. This setting allows LDAP communications to the confined LDAP/server port. This change includes a conditional for enabling this Boolean only when selinux is in use. Change-Id: If985f2434d28fcd33198929bf61f2a3a82e601fe Closes-Bug: #1695002
This commit is contained in:
parent
39fcf37572
commit
90704a6017
|
@ -222,6 +222,12 @@ class tripleo::profile::base::keystone (
|
|||
|
||||
if $ldap_backend_enable {
|
||||
validate_hash($ldap_backends_config)
|
||||
if !str2bool($::selinux) {
|
||||
selboolean { 'authlogin_nsswitch_use_ldap':
|
||||
value => on,
|
||||
persistent => true,
|
||||
}
|
||||
}
|
||||
create_resources('::keystone::ldap_backend', $ldap_backends_config, {
|
||||
create_domain_entry => $manage_domain,
|
||||
})
|
||||
|
|
Loading…
Reference in New Issue