[Freeipa-users] User_show works from webserver, user_add ipa: ERROR: Insufficient access

Martin Kosek mkosek at redhat.com
Tue Jul 30 15:55:01 UTC 2013


On 07/30/2013 05:52 PM, Alexander Bokovoy wrote:
> On Tue, 30 Jul 2013, Dmitri Pal wrote:
>> On 07/30/2013 08:17 AM, Matt . wrote:
>>> Hi Dmitri,
>>>
>>> It's a good tutorial but I'm kinda stuck (and new to that part)
>>>
>>> What we seem to need is:
>>>
>>> A -> B -> C -> D
>>> A= user(running one) B= Webserver C=IPAserver D= LDAP on IPAserver
>>>
>>> I thought we didn't need the C -> D part because this is what IPA
>>> does. We actually need the A -> B -> C part executed from a php
>>> script to add a user with user_add.
>>>
>>> More details about that are welcome.
>>
>> You use the article but instead of accessing LDAP directly you need to
>> access ipa web server because you will be running IPA commands and not
>> LDAP queries.
>> So instead of using |ldap/ipa.example.com| principal as outlined in
>> the article you configure acquisition of tickets for |http/ipa.example.com|.
>> Makes sense?
> Yes and Matt actually solved his problem on IRC and now is happily deploying
> his servers. :)
> 
> I'll extend the article to cover the case when you need to talk to both
> LDAP and IPA server XML-RPC/JSON API.
> 
> Ideally we need to introduce some commands to manage delegations between
> services. An RFE ticket for CLI?
> 

Already filed :-)
https://fedorahosted.org/freeipa/ticket/3644

Contributions are very welcome.

Martin



