Fixed SELinux file contexts from ldap::server.

2012-04-20 12:52:20 +03:00 · 2012-04-20 12:52:20 +03:00 · 87e8d757ad
commit 87e8d757ad
parent e8788f51bf
1 changed files with 18 additions and 0 deletions
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@ -447,11 +447,13 @@ class ldap::server {
            mode    => "0700",
            owner   => $user,
            group   => $group,
+            seltype => "slapd_db_t",
            require => Package["openldap-server"],
        }
        file { "/srv/ldap":
            ensure  => link,
            target  => $ldap_datadir,
+            seltype => "slapd_db_t",
            require => File[$ldap_datadir],
        }
    } else {
@ -460,10 +462,24 @@ class ldap::server {
            mode    => "0700",
            owner   => $user,
            group   => $group,
+            seltype => "slapd_db_t",
            require => Package["openldap-server"],
        }
    }

+    if "${selinux}" == "true" {
+        selinux::manage_fcontext { "/srv/ldap(/.*)?":
+            type   => "slapd_db_t",
+            before => File["/srv/ldap"],
+        }
+        if $ldap_datadir {
+            selinux::manage_fcontext { "${ldap_datadir}(/.*)?":
+                type   => "slapd_db_t",
+                before => File[$ldap_datadir],
+            }
+        }
+    }
+
    file { "${config}/schema":
        ensure  => directory,
        source  => "puppet:///modules/custom/empty",
@ -579,6 +595,7 @@ define ldap::server::database($aclsource = "", $master = "", $syncpw = "") {
        mode    => "0700",
        owner   => $ldap::server::user,
        group   => $ldap::server::group,
+        seltype => "slapd_db_t",
        require => File["/srv/ldap"],
    }

@ -593,6 +610,7 @@ define ldap::server::database($aclsource = "", $master = "", $syncpw = "") {
            "openbsd" => "wheel",
            default   => "root",
        },
+        seltype => "slapd_db_t",
        require => File["/srv/ldap/${name}"],
        before  => Service["slapd"],
    }