fixes from testing

refpolicy/policy/modules/services/ldap.te

@@ -38,6 +38,8 @@ allow slapd_t self:process setsched;
 allow slapd_t self:fifo_file { read write };
 allow slapd_t self:netlink_route_socket r_netlink_socket_perms;
 allow slapd_t self:udp_socket create_socket_perms;
+#slapd needs to listen and accept needed by ldapsearch (slapd needs to accept from ldapseach)
+allow slapd_t self:tcp_socket create_stream_socket_perms;
 
 # Allow access to the slapd databases
 allow slapd_t slapd_db_t:dir create_dir_perms;
@@ -106,7 +108,16 @@ sysnet_read_config(slapd_t)
 userdom_dontaudit_use_unpriv_user_fd(slapd_t)
 userdom_dontaudit_search_sysadm_home_dir(slapd_t)
 
-ifdef(`targeted_policy', `
+ifdef(`targeted_policy', 
+	#reh slapcat will want to talk to the terminal
+	term_use_generic_pty(slapd_t)
+	term_use_unallocated_tty(slapd_t)
+
+	userdom_search_generic_user_home_dir(slapd_t)
+	#need to be able to read ldif files created by root
+	# cjp: fix to not use templated interface:
+	userdom_read_user_home_files(user,slapd_t)
+
 	term_dontaudit_use_unallocated_tty(slapd_t)
 	term_dontaudit_use_generic_pty(slapd_t)
 	files_dontaudit_read_root_file(slapd_t)