[CentOS] selinux prohibiting sssd usage

Wed Aug 10 17:59:14 UTC 2011
Paul Heinlein <heinlein at madboa.com>

On Wed, 10 Aug 2011, david wrote:

> At 09:32 AM 8/10/2011, you wrote:
>> Part of the environment is gitweb, which works as expected with one 
>> glitch: SELinux doesn't allow gitweb.cgi to query sssd to display 
>> who owns the repositories. [....]
>
> Paul
>
> I've just spent three days trying to figure out why SSH worked 
> sometimes, sometimes not.  Just minutes before your note arrived, I 
> figured I had to disable SELINUX, and now it works just fine.  Your 
> note confirmed that there's a link there.

I haven't had any trouble with ssh. I'll note that the system in 
question gets user account information from ldap.

Oddly, when using sssd+ldap, getent without a specific key won't 
return ldap account information, but with a key it will. That is, 
"getent passwd" will return only accounts in the local /etc/passwd 
database, but "getent passwd bob" will return ldap-supplied 
information about user bob.

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/