I did try the exact steps from the blog but alas still it did not work. getting same error :(
p-172-31-29-153.us-west-2.compute.internal: Insufficient access: Insufficient 'write' privilege to the 'member' attribute of entry 'cn=my-hostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com'. Regards,Deepak > Date: Tue, 30 Aug 2016 13:04:07 +0300 > From: [email protected] > To: [email protected] > CC: [email protected] > Subject: Re: [Freeipa-users] Permission not working as expected > > On Tue, 30 Aug 2016, Deepak Dimri wrote: > >Hi Alexander, > >Thanks for the reply > >i tried exact steps below but it still not working. the admin user > >added to new role and privilege we have created is getting an error > >when trying to add or remove host of myhostgroup. > >ip-172-31-29-153.us-west-2.compute.internal: Insufficient access: > >Insufficient 'write' privilege to the 'member' attribute of entry > >'cn=myhostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com'. > >not sure if DN (memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test) > >would make any difference? I also noticed i dont get Permission flags: V2, > >SYSTEM in my ipa output. not sure if that would make any difference > >I would really appreciate if this can be resolved... > Read the other emails I sent in this thread. > > The whole story is here: > https://vda.li/en/posts/2016/08/30/Creating-permissions-in-FreeIPA/ > > -- > / Alexander Bokovoy
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
