[Freeipa-users] Insufficient 'write' privilege to the 'userCertificate'
Rob Crittenden
rcritten at redhat.com
Mon Jul 25 15:22:17 UTC 2016
mohammad sereshki wrote:
> hi
> I get below error from "getcert list",would you please help me to solve it?
>
> ca-error: Server denied our request, giving up: 2100 (RPC failed at
> server. Insufficient access:
> Insufficient 'write' privilege to the 'userCertificate' attribute of entry
> 'krbprincipalname=ldap/ipasrv.example.com at EXAMPLE.COM,cn=services,cn=accounts,dc=example,dc=com'.).
With so many threads on basically the same underlying issue it's
difficult to tell what works and what doesn't work and what you've done
to get past various blockers.
What have you done to get past the "Error setting up ccache for local
"host" service using default keytab" issue, for example?
Generic things to do:
- ipactl status to ensure all services are running
- check /var/log/httpd/error_log for more information on the CA ACL
issues. You may want to create /etc/ipa/server.conf with these contents:
[global]
debug = True
Then restart httpd and try to reproduce for more verbose output.
rob
More information about the Freeipa-users
mailing list