Hide Forgot
+++ This bug was initially created as a clone of Bug #1396886 +++ Description of problem: ====================== Was following the steps mentioned in the admin guide to integrate nagios and ldap: https://access.redhat.com/documentation/en-US/Red_Hat_Storage/3.1/html-single/Administration_Guide/index.html#Integrating_LDAP_Authentication_with_Nagios Tried logging in to Nagios web UI using the login credentials of AD users, but that failed with 500: Internal Server Error. Set the selinx policy to permissive and login to nagios web UI was successful. Seeing the below error in audit logs: type=AVC msg=audit(1479359600.477:65770): avc: denied { name_connect } f or pid=3714 comm="httpd" dest=389 scontext=system_u:system_r:httpd_t:s0 t context=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket Version-Release number of selected component (if applicable): ============================================================== RHGS 3.2 interim build (3.8.4-5) selinux-policy-targeted-3.13.1-102.el7_3.4.noarch selinux-policy-3.13.1-102.el7_3.4.noarch How reproducible: ================= 2:2 Additional info: ================ [root@dhcp46-239 ~]# rpm -qa | grep gluster nfs-ganesha-gluster-2.3.1-8.el7rhgs.x86_64 glusterfs-api-3.8.4-5.el7rhgs.x86_64 python-gluster-3.8.4-5.el7rhgs.noarch glusterfs-client-xlators-3.8.4-5.el7rhgs.x86_64 glusterfs-server-3.8.4-5.el7rhgs.x86_64 glusterfs-ganesha-3.8.4-5.el7rhgs.x86_64 gluster-nagios-common-0.2.4-1.el7rhgs.noarch glusterfs-devel-3.8.4-5.el7rhgs.x86_64 gluster-nagios-addons-0.2.8-1.el7rhgs.x86_64 glusterfs-libs-3.8.4-5.el7rhgs.x86_64 glusterfs-fuse-3.8.4-5.el7rhgs.x86_64 glusterfs-api-devel-3.8.4-5.el7rhgs.x86_64 glusterfs-rdma-3.8.4-5.el7rhgs.x86_64 glusterfs-3.8.4-5.el7rhgs.x86_64 glusterfs-cli-3.8.4-5.el7rhgs.x86_64 glusterfs-geo-replication-3.8.4-5.el7rhgs.x86_64 glusterfs-debuginfo-3.8.4-4.el7rhgs.x86_64 glusterfs-events-3.8.4-5.el7rhgs.x86_64 [root@dhcp46-239 ~]# [root@dhcp46-239 ~]# [root@dhcp46-239 ~]# gluster peer status Number of Peers: 3 Hostname: 10.70.46.240 Uuid: 72c4f894-61f7-433e-a546-4ad2d7f0a176 State: Peer in Cluster (Connected) Hostname: 10.70.46.242 Uuid: 1e8967ae-51b2-4c27-907e-a22a83107fd0 State: Peer in Cluster (Connected) Hostname: 10.70.46.218 Uuid: 0dea52e0-8c32-4616-8ef8-16db16120eaa State: Peer in Cluster (Connected) [root@dhcp46-239 ~]# [root@dhcp46-239 ~]# [root@dhcp46-239 ~]#
Doc URL ========= https://access.redhat.com/documentation/en-US/Red_Hat_Storage/3.1/html-single/Administration_Guide/index.html#Integrating_LDAP_Authentication_with_Nagios Section name: ============= 18.5.4. Integrating LDAP Authentication with Nagios Change required: =============== Change the existing step5 to step6. And add whatever is written below as /new/ step5 Enable boolean httpd_can_connect_ldap if not enabled getsebool httpd_can_connect_ldap setsebool httpd_can_connect_ldap on
(In reply to Sweta Anandpara from comment #2) Sweta, I have updated the documentation based on Comment 2. Link to the doc: http://ccs-jenkins.gsslab.brq.redhat.com:8080/job/doc-Red_Hat_Gluster_Storage-3.2-Administration_Guide-branch-BZ-1396889-Nagios_updates/lastSuccessfulBuild/artifact/tmp/en-US/html-single/index.html#Integrating_LDAP_Authentication_with_Nagios Please review and let me know if the changes are fine.
Looks good.
Thanks Sweta, merged and setting the bug ON_QA. Added a new step to enable the httpd_can_connect_ldap boolean: http://ccs-jenkins.gsslab.brq.redhat.com:8080/job/doc-Red_Hat_Gluster_Storage-3.2-Administration_Guide-branch-master/lastSuccessfulBuild/artifact/tmp/en-US/html-single/index.html#Integrating_LDAP_Authentication_with_Nagios Please note that this branch does not yet contain all merges for RHGS 3.2.
Changes look good. Moving this BZ to verified in 3.2.
RHGS 3.2.0 GA completed on 23 March 2017