Attempting to login in via LDAP authentication source configured on Satellite 6 installed on RHEL 7 gives connection error.

Solution Verified - Updated 5 Aug 2024

Environment

Red Hat Satellite 6
Red Hat Enterprise Linux 7
LDAP Authentication configured using IPA or Active Directory

Issue

When having Satellite 6 installed on RHEL 7 and selinux in enforcing mode authentication fails with connection error.

Resolution

Until the official solution to this is released, there are two possible workarounds:

Set the following SELinux boolean

# setsebool -P passenger_can_connect_all

Reconfigure SELinux in permissive mode,
```
# setenforce 0
```

For more KB articles/solutions related to Red Hat Satellite 6.x Authentication Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Authentication Issues

Root Cause

The SELinux is denying access for ruby process to required ports,

type=AVC msg=audit(1413207076.407:40449): avc:  denied  { name_connect } for  pid=25818 
comm="ruby" dest=389 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:
ldap_port_t:s0 tclass=tcp_socket

The This content is not included.Bugzilla 1151093 has been filed for this issue.

SBR

SysMgmt

Product(s)

Red Hat Satellite

Category

Troubleshoot

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.