This article applies to BoKS Manager 6.7, 6.7.1 and 7.0.

Description

When you run BoKS Manager / Server Agent for Unix/Linux on Red Hat Enterprise Linux 7 with SELinux enabled, external LDAP authentication of user accounts fails and an AVC denial similar to the following is written to /var/log/audit/audit.log:

type=AVC msg=audit(1470161357.885:120): avc: denied { name_connect } for pid=3220 comm="ldapauth" dest=389 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket

Resolution / Workaround

To resolve this, enable the SELinux Boolean authlogin_nsswitch_use_ldap, which allows external LDAP authentication while SELinux is enabled.

To set the Boolean, run the following command:

# setsebool -P authlogin_nsswitch_use_ldap=1

To check the current setting of the Boolean, run the following command:

# getsebool authlogin_nsswitch_use_ldap
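
To confirm that a denial in audit.log is the one described above before changing the Boolean, the following added example (not part of the original article or of BoKS) filters AVC records for a denied name_connect to ldap_port_t. The function names are hypothetical, and all sample records except the first are constructed.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.

# Print the value of KEY=value (quoted or not) from one audit record.
avc_field() {
    printf '%s\n' "$1" |
        sed -n "s/.*[[:space:]]$2=\"\{0,1\}\([^\" ]*\)\"\{0,1\}.*/\1/p"
}

# Read audit records on stdin; print "comm source_type dest_port" for each
# denied name_connect on a tcp_socket whose target type is ldap_port_t.
ldap_denials() {
    while IFS= read -r line; do
        case $line in *type=AVC*avc:*denied*) ;; *) continue ;; esac
        perms=$(printf '%s\n' "$line" |
            sed -n 's/.*denied[[:space:]]*{ \([^}]*\) }.*/\1/p')
        case " $perms " in *" name_connect "*) ;; *) continue ;; esac
        [ "$(avc_field "$line" tclass)" = tcp_socket ] || continue
        # An SELinux context is user:role:type:level; the type is field 3.
        ttype=$(avc_field "$line" tcontext | cut -d: -f3)
        [ "$ttype" = ldap_port_t ] || continue
        stype=$(avc_field "$line" scontext | cut -d: -f3)
        printf '%s %s %s\n' "$(avc_field "$line" comm)" "$stype" \
            "$(avc_field "$line" dest)"
    done
}

# First record is the one quoted in the article; the other two are constructed.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1470161357.885:120): avc: denied { name_connect } for pid=3220 comm="ldapauth" dest=389 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1470161400.101:131): avc:  denied  { read } for  pid=3301 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1470161412.440:140): avc:  denied  { name_connect } for  pid=3310 comm="curl" dest=80 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
EOF
}

sample_log | ldap_denials   # prints: ldapauth sshd_t 389
```

On an affected host, running `ldap_denials < /var/log/audit/audit.log` as root before and after setting the Boolean shows whether new denials are still being logged.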

See also

  • https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/3/html/Installation_and_Configuration_Guide/Configuring_for_an_LDAP_Backend.html


Last Modified On: June 28, 2019