[Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute
Matt .
yamakasi.014 at gmail.com
Thu Mar 9 21:51:13 UTC 2017
I'm trying to add a host using Foreman to the FreeIPA realm but this
doesn't work, all things seem to be fine and some other tests from
people are working:
The issue is reported here: http://projects.theforeman.org/issues/18850
My settings are like this:
[root at ipa-01 ~]# ipa role-find
---------------
6 roles matched
---------------
Role name: helpdesk
Description: Helpdesk
Role name: IT Security Specialist
Description: IT Security Specialist
Role name: IT Specialist
Description: IT Specialist
Role name: Security Architect
Description: Security Architect
Role name: Smart Proxy Host Manager
Description: Smart Proxy management
Role name: User Administrator
Description: Responsible for creating Users and Groups
----------------------------
Number of entries returned 6
----------------------------
[root at ipa-01 ~]# ipa role-show "Smart Proxy Host Manager"
Role name: Smart Proxy Host Manager
Description: Smart Proxy management
Member users: foreman-proxy, foreman-realm-proxy
Privileges: Smart Proxy Host Management
[root at ipa-01 ~]# ipa privilege-show "Smart Proxy Host Management"
Privilege name: Smart Proxy Host Management
Description: Smart Proxy Host Management
Permissions: Retrieve Certificates from the CA, System: Add DNS
Entries, System: Read DNS Entries, System: Remove DNS Entries, System:
Update DNS
Entries, System: Manage Host Certificates, System:
Manage Host Enrollment Password, System: Manage Host Keytab, System:
Modify Hosts,
System: Remove Hosts, System: Manage Service Keytab,
System: Modify Services, Add Host Enrollment Password
Granting privilege to roles: Smart Proxy Host Manager
[root at ipa-01 ~]#
[root at ipa-01 ~]# ipa permission-find "Add Host"
---------------------
3 permissions matched
---------------------
Permission name: Add Host Enrollment Password
Granted rights: add
Effective attributes: userpassword
Bind rule type: permission
Subtree: cn=computers,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld
Type: host
Permission flags: V2, SYSTEM
Permission name: System: Add Hostgroups
Granted rights: add
Bind rule type: permission
Subtree: cn=hostgroups,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld
Type: hostgroup
Permission flags: V2, MANAGED, SYSTEM
Permission name: System: Add Hosts
Granted rights: add
Bind rule type: permission
Subtree: cn=computers,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld
Type: host
Permission flags: V2, MANAGED, SYSTEM
----------------------------
Number of entries returned 3
----------------------------
Can anyone help me out as I'm unsure where this goes wrong.
Thanks so far!
Regards,
Matt
More information about the Freeipa-users
mailing list