To make LemonLDAP::NG work with SELinux, you may need to set up some options.

SELinux policy package

If you are using an RPM-based distribution with Apache as the web server, you need to install the lemonldap-ng-selinux package to set the SELinux contexts correctly:

yum install lemonldap-ng-selinux


On CentOS 8 and Fedora, this is done automatically.

This package does not configure SELinux booleans. Read the next sections to see which booleans you need to enable manually.

Disk cache (sessions and configuration)

You need to set the correct context on the cache directory.

Deprecated since version 2.0.10: this is now done by the lemonldap-ng-selinux package.

semanage fcontext --add -t httpd_cache_t -f a '/var/cache/lemonldap-ng(/.*)?'
restorecon -R /var/cache/lemonldap-ng/


LDAP

setsebool -P httpd_can_connect_ldap 1


Databases

setsebool -P httpd_can_network_connect_db 1


Memcache

setsebool -P httpd_can_network_memcache 1

Proxy HTTP

setsebool -P httpd_can_network_relay 1
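
To check that only the booleans a deployment needs are on, the following added example (not part of the LemonLDAP::NG documentation or package) audits `getsebool -a` output against the backends in use. The backend keywords and function names are assumptions made for this example, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: backend keywords (ldap, db, memcache, relay) are labels
# invented here; the boolean names are the ones listed on this page.
bool_for() {
    case "$1" in
        ldap)     echo httpd_can_connect_ldap ;;
        db)       echo httpd_can_network_connect_db ;;
        memcache) echo httpd_can_network_memcache ;;
        relay)    echo httpd_can_network_relay ;;
        *)        return 1 ;;
    esac
}

# audit_booleans "<backends in use>" reads `getsebool -a` output on stdin.
# Prints "MISSING <bool>" for a needed boolean that is off or absent, and
# "EXTRA <bool>" for one of the four that is on although no listed backend
# needs it (another httpd application on the host may still rely on it).
audit_booleans() {
    needed=""
    for b in $1; do
        name=$(bool_for "$b") || { echo "unknown backend: $b" >&2; return 2; }
        needed="$needed $name"
    done
    state=$(cat)
    for b in ldap db memcache relay; do
        name=$(bool_for "$b")
        value=$(printf '%s\n' "$state" |
            awk -v n="$name" '$1 == n && $2 == "-->" { print $3 }')
        case " $needed " in
            *" $name "*) if [ "$value" != on ]; then echo "MISSING $name"; fi ;;
            *)           if [ "$value" = on ]; then echo "EXTRA $name"; fi ;;
        esac
    done
    return 0
}

# Constructed sample in the format printed by `getsebool -a`.
SAMPLE_GETSEBOOL='httpd_can_connect_ldap --> on
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> on'

# Demo: LDAP and database backends in use.
# On a real host: getsebool -a | audit_booleans "ldap db"
printf '%s\n' "$SAMPLE_GETSEBOOL" | audit_booleans "ldap db"
```

Each MISSING line corresponds to one of the `setsebool -P ... 1` commands above; an EXTRA line is a prompt to confirm whether anything on the host still needs that boolean.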