[Freeipa-users] Permission not working as expected

Deepak Dimri deepak_dimri at hotmail.com
Tue Aug 30 13:04:36 UTC 2016


Hi Alexander,
I did try adding the "member" effective attribute in the GUI and also from the command prompt, but the error is not going away when I try to delete the host from my taphostgroup. For me it only works if I have (&(cn=taphostgroup)(objectclass=ipaobject)) in the --filter, BUT then I am allowed access to all the hosts in all the hostgroups :( I am kinda stuck with this issue. It would be great if you can suggest any further headway!

 ipa permission-mod manage-taphostgroup --attrs={'userPassword','description','nshardwareplatform','nsosversion','usercertificate','userclass','macaddress','ipaassignedidview','ipasshpubkey','member'}
-----------------------------------------
Modified permission "manage-taphostgroup"
-----------------------------------------
  Permission name: manage-taphostgroup
  Granted rights: all
  Effective attributes: description, ipaassignedidview, ipasshpubkey, macaddress, member, nshardwareplatform, nsosversion, userPassword, usercertificate, userclass
  Bind rule type: permission
  Subtree: cn=computers,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com
  Extra target filter: (memberOf=cn=taphostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com)
  Type: host
  Granted to Privilege: tap-hostgroup-privilege
  Indirect Member of roles: taphostgroup-role

Many thanks,
Deepak

> Date: Tue, 30 Aug 2016 13:27:59 +0300
> From: abokovoy at redhat.com
> To: deepak_dimri at hotmail.com
> CC: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Permission not working as expected
> 
> On Tue, 30 Aug 2016, Deepak Dimri wrote:
> >I did try the exact steps from the blog but alas still it did not work. Getting same error :(
> I don't give rights to write to 'member' attribute in the blog. You have
> to adapt to your situation, obviously.
> 
> -- 
> / Alexander Bokovoy
 		 	   		  