tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: Add note about known optional SELinux booleans 

refs #3236
This commit is contained in:
Johannes Meyer 2018-01-18 16:05:42 +01:00
parent 00eeab5883
commit a7e29c0c39
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/05-Authentication.md
View File

@ -93,6 +93,9 @@ user\_class | **Optional.** LDAP user class. Defaults to `inetOrgPe
user\_name\_attribute | **Optional.** LDAP attribute which contains the username. Defaults to `uid`.
filter | **Optional.** LDAP search filter. Requires `user_class` and `user_name_attribute`.
> **Note for SELinux**
>
> If you run into problems connecting with LDAP and have SELinux enabled, take a look [here](90-SELinux.md#selinux-optional-booleans).
Example:

9
doc/90-SELinux.md
View File

@ -96,6 +96,15 @@ Having this boolean enabled allows httpd to write to the configuration labeled `
default. If not needed, you can disable it for more security. But this will disable all web based configuration of
Icinga Web 2.
### Optional Booleans <a id="selinux-optional-booleans"></a>
The Icinga Web 2 policy package does not enable booleans not required by default. In order to allow these things,
you'll need to enable them manually. (i.e. with the tool `setsebool`)
**Ldap**
If you want to allow httpd to connect to the ldap port, you must turn on the `httpd_can_connect_ldap` boolean.
Disabled by default.
## Bugreports <a id="selinux-bugreports"></a>
If you experience any problems while running SELinux in enforcing mode try to reproduce it in permissive mode. If the