[Freeipa-users] User Administrator role from the web UI
Petr Vobornik
pvoborni at redhat.com
Thu Aug 2 08:48:23 UTC 2012
On 08/02/2012 05:14 AM, Loris Santamaria wrote:
> Hi, I added a user to the "User Administrator Role" and when I do a
> kinit with this user I can use the "ipa user*" and "ipa group*" commands
> as expected to add, modify and delete groups.
>
> However from the IPA Web UI, logging in with the login form, I can see
> only the Identity->Users tab. I can modify users, except for group
> membership, but I can't create or delete users and I cannot create or
> delete groups.
>
> Is this an expected limitation of the web UI, a bug or a
> misconfiguration? Where I could start debugging this?
>
> Thanks
>
It should work.
There is a bug when user is indirect member of a role. It will be fixed
in 3.0 beta 2. https://fedorahosted.org/freeipa/ticket/2899
User should see full interface when he is a member of any role or a
member or indirect member of group 'admins'.
To debug this you can inspect 'IPA.whoami' object in browser's console
(press F12 in most browsers or CTRL+SHIFT+K in latest Firefox in Fedora)
after successful login. Look for 'admin' in memberof_group,
memberofindirect_group or anything in memberof_role.
--
Petr Vobornik
More information about the Freeipa-users
mailing list