Eric Scholwin via FreeIPA-users wrote:
I was wondering if anyone noticed while installing FreeIPA on any of
their machines, whether or not their SELinux Booleans were affected? I installed this in a
test environment and nothing broke. However, when installed in my production environment,
an important SEBoolean was changed:
"authlogin_nsswitch_use_ldap --> on"
This particular boolean was changed to off, breaking logins for an application running on
the server that required connecting to an ldap server.
i've figured out what broke, now I'm just trying to figure out what caused it to
change. Is this something FreeIPA would normally change? I only ask because I've
installed this on about 30 systems and only this one was affected, but ldap also isn't
used on many of the other servers. Any insight would be appreciated.
It is likely authconfig making the change.
I don't believe ipa-client-install explicitly disables ldap so I'm
guessing authconfig is doing it when it enables sssd and sssdauth.