Configure Firewall SELinux for OpenLDAP on CentOS 7

Configure Firewall and SELinux for OpenLDAP Server on CentOS 7/Red Hat 7

In CentOS Linux 7, firewalld is used as the firewall; previous versions of CentOS Linux used iptables. A firewall is very important for Linux (or any other) operating system because it keeps unwanted traffic from reaching the system. A firewall is a fundamental requirement for securing any operating system.

SELinux stands for Security-Enhanced Linux. SELinux is used to implement additional security policies and access permissions. SELinux has three modes in its configuration file "/etc/selinux/config": Enforcing, Permissive and Disabled. By default SELinux is set to Enforcing in its configuration file, which means SELinux is enabled and enforcing its policy on the Linux operating system.

To configure the firewall (firewalld) on the OpenLDAP server for client Lightweight Directory Access Protocol (LDAP) communication, type the commands below.

firewall-cmd --permanent --add-port=389/tcp
firewall-cmd --permanent --add-port=389/udp
firewall-cmd --reload
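The three firewall-cmd lines above are applied unconditionally and never checked. The script below is an added example (not part of the original article) that opens the same two ports only when they are not already in the permanent configuration, then reads the runtime rule set back and verifies that both ports are actually open. The check is a plain string function so it can be exercised on constructed firewall-cmd output without a live firewalld; it assumes the default zone is the one facing LDAP clients.

```bash
#!/bin/bash
# Added example (not from the original article): idempotently open the LDAP
# port in firewalld and verify it from the live rule set.
# Assumption: the default zone is the zone that faces the LDAP clients.

LDAP_PORTS="389/tcp 389/udp"

# Return 0 if every port named in $2.. appears in the space-separated port
# list $1, which is the format printed by `firewall-cmd --list-ports`.
# Pure string check, so it works on constructed output as well.
ports_present() {
    local list="$1"; shift
    local p
    for p in "$@"; do
        case " $list " in
            *" $p "*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Apply the article's rules, but only add a port that is not already in the
# permanent configuration (--query-port exits 0 when it is present).
# Needs firewall-cmd and root.
open_ldap_ports() {
    local p
    for p in $LDAP_PORTS; do
        if ! firewall-cmd --permanent --query-port="$p" >/dev/null 2>&1; then
            firewall-cmd --permanent --add-port="$p"
        fi
    done
    firewall-cmd --reload
}

# Read the runtime (post-reload) port list and confirm both LDAP ports are in it.
verify_ldap_ports() {
    local runtime
    runtime="$(firewall-cmd --list-ports)"
    if ports_present "$runtime" $LDAP_PORTS; then
        echo "OK: LDAP ports open in the default zone: $runtime"
    else
        echo "MISSING: runtime port list is '$runtime'" >&2
        return 1
    fi
}

# Only touch the live firewall when the tool exists and we are root.
if command -v firewall-cmd >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    open_ldap_ports
    verify_ldap_ports
fi
```

Checking the runtime list after the reload matters because `--permanent` changes are not active until the reload succeeds; verifying the live state rather than the command exit codes is what catches a reload that failed or a port added to the wrong zone.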


To configure SELinux for the OpenLDAP server on CentOS 7, set the SELinux boolean values.

To allow SELinux-confined applications (here, the httpd web server) to connect to OpenLDAP, type the command below.

setsebool -P httpd_can_connect_ldap on


Type the command below for OpenLDAP authentication and for OpenLDAP communication with applications.

setsebool -P allow_ypbind=0 authlogin_nsswitch_use_ldap=0


Set SELinux to permissive for the OpenLDAP service "slapd". To put the slapd domain into permissive mode, type the command below, then start the OpenLDAP service "slapd".

semanage permissive -a slapd_t
systemctl start slapd


Type the command below to confirm that the OpenLDAP service is running in the slapd_t domain (grep the process list for slapd_t).

ps -eZ | grep slapd_t



Type the SELinux boolean commands below to allow OpenLDAP users to authenticate.

setsebool -P authlogin_nsswitch_use_ldap 1
setsebool -P daemons_dump_core 1
setsebool -P nis_enabled 1


To check the status of the OpenLDAP service "slapd", type the command below.

systemctl status slapd


To check the status of SELinux, type the command below.

sestatus


The output of sestatus shows that SELinux is in enforcing mode.

To check the status of the firewall (firewalld), type the command below.

systemctl status firewalld
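The status checks above (ps -eZ, sestatus, systemctl status) are read by eye. The script below is an added example, not part of the original article, that turns them into an audit of the SELinux side of this setup: it parses `getsebool -a`, `ps -eZ` and `sestatus` output to confirm the booleans from the article are on, that slapd runs in the slapd_t domain, and what mode SELinux is in, and then (on a live system only) looks for recent AVC denials against slapd. The parsers are plain functions run here against constructed sample output so the logic can be tested offline; the boolean names are the ones the article sets, and the live section assumes the audit tools are installed.

```bash
#!/bin/bash
# Added example (not from the original article): audit the SELinux settings
# the article configures for OpenLDAP. The parsers work on text, so they can
# be exercised on constructed output; the live checks run only if the tools exist.

# Booleans the article turns on with `setsebool -P ... 1` (names from the article).
REQUIRED_BOOLS="authlogin_nsswitch_use_ldap daemons_dump_core nis_enabled"

# Print the names from $2.. whose line in the `getsebool -a` output $1 is not
# "name --> on". Return 0 if all are on, 1 otherwise.
bools_off() {
    local out="$1"; shift
    local b rc=0
    for b in "$@"; do
        if ! printf '%s\n' "$out" | grep -q "^${b} --> on$"; then
            echo "$b"
            rc=1
        fi
    done
    return $rc
}

# Print the SELinux type (third field of the context) of the first process in
# the `ps -eZ` output $1 whose command name is $2, e.g. "slapd_t" for slapd.
process_domain() {
    printf '%s\n' "$1" | awk -v c="$2" '$NF == c { split($1, ctx, ":"); print ctx[3]; exit }'
}

# Print the "Current mode" value from `sestatus` output $1 (enforcing/permissive).
selinux_mode() {
    printf '%s\n' "$1" | awk -F: '/^Current mode:/ { gsub(/ /, "", $2); print $2; exit }'
}

# Constructed sample output (not captured from a real host) used for offline checks.
GETSEBOOL_SAMPLE='authlogin_nsswitch_use_ldap --> on
daemons_dump_core --> on
nis_enabled --> on
httpd_can_connect_ldap --> off'

PS_SAMPLE='system_u:system_r:slapd_t:s0    1234 ?        00:00:00 slapd
system_u:system_r:httpd_t:s0    1300 ?        00:00:01 httpd'

SESTATUS_SAMPLE='SELinux status:                 enabled
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing'

# Run the same checks against the live system. Note that after
# `semanage permissive -a slapd_t` the process still shows slapd_t in ps -eZ;
# the permissive status is listed by `semanage permissive -l`, so an AVC
# record for slapd means a denial that enforcing mode would have blocked.
audit_live() {
    command -v sestatus >/dev/null 2>&1 || { echo "SELinux tools not found; skipping live audit"; return 0; }
    local missing dom
    echo "SELinux mode: $(selinux_mode "$(sestatus)")"
    dom="$(process_domain "$(ps -eZ)" slapd)"
    echo "slapd domain: ${dom:-not running}"
    if missing="$(bools_off "$(getsebool -a)" $REQUIRED_BOOLS)"; then
        echo "all required booleans are on"
    else
        echo "booleans still off: $missing" >&2
    fi
    if command -v ausearch >/dev/null 2>&1; then
        # Recent AVC denials with comm=slapd; each one is a policy gap to fix
        # with a boolean or a local module rather than by leaving slapd permissive.
        ausearch -m AVC -c slapd -ts recent 2>/dev/null || echo "no recent AVC records for slapd"
    fi
}

if [ "${1:-}" = "--live" ]; then
    audit_live
fi
```

Run it as `bash audit.sh --live` on the server. The sample output in the block is constructed; the live run reads the real getsebool, ps and sestatus output through the same parsers, so a boolean that was reset or a slapd running unconfined shows up as a concrete line rather than something to spot in a screenshot.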


Thanks for reading this article.
