In the end it was SELinux . . . The various guides out there refer to the settings that are always needed:
setsebool -P httpd_can_sendmail 1 setsebool -P httpd_can_network_memcache 1 setsebool -P httpd_can_network_connect_db 1 setsebool -P httpd_unified 1 However for LDAP/AD authentication you also need setsebool -P httpd_can_connect_ldap 1 Once I'd worked out that no request was actually leaving the machine it was easy enough to work back to the problem. Note to self for future reference: "getsebool -a" is your friend. On Thursday, 4 October 2018 02:17:33 UTC+10, mujahid...@thoughtwire.com wrote: > Hi Peter, > > On 3.0.8 I had to ensure that these were installed in order to get AD > working: python-ldap openldap-devel > > Hopefully that helps > > On Monday, September 24, 2018 at 6:45:36 PM UTC-4, Peter Howard wrote: >> >> We're having trouble getting our new 2.5.17 install on CentOS 7 talking >> to our Active Directory server. >> >> Our 1.7.27 install on CentOS 6 talks to the server with no problems. >> >> A Kallithea install on the same CentOS 7 machine talks to the server with >> no problems. >> >> >> (Note the original 1.7.27 install was done in 2014 - by someone else no >> longer with the company - and the people in IT who handled the original AD >> setup a long gone as well, so I may be missing a key detail) >> >> For 1.7.27 the setup was fairly straightforward - on the Authentication >> Page: >> >> >> - Method - Active Directory >> - Domain Name - our normal domain name >> - Domain Controller - IP addr >> - OU name - basic name. >> >> Everything else blank >> >> Trying the same details on 2.5.17 resulted in log messages saying the >> Active Directory server could not be reached. A scan of the database >> tables shows that the actual data stored for 1.7.27 from those details is >> different to 2.5.17) Given that Kallithea was working via LDAP rather than >> AD we tried the same LDAP configuration. From which we get either >> >> root - Error authenticating with LDAP: (2, 'No such file or directory') >> >> or back to "can't connect". Sigh. >> >> >> Hoping for some suggestions. >> >> >> PJH >> > -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
