Hi Alexander,
I did try adding the "member" effective attribute in the GUI and also from the
command prompt, but the error is not going away when I try to delete the host
from my taphostgroup. For me it only works if I have
(&(cn=taphostgroup)(objectclass=ipaobject)) in the --filter, but then I am
allowed access to all the hosts in all the hostgroups :( I am kinda stuck with
this issue. It would be great if you could suggest any further headway!

ipa permission-mod manage-taphostgroup \
  --attrs={'userPassword','description','nshardwareplatform','nsosversion','usercertificate','userclass','macaddress','ipaassignedidview','ipasshpubkey','member'}
-----------------------------------------
Modified permission "manage-taphostgroup"
-----------------------------------------
Permission name: manage-taphostgroup
Granted rights: all
Effective attributes: description, ipaassignedidview, ipasshpubkey, macaddress, member, nshardwareplatform, nsosversion, userPassword, usercertificate, userclass
Bind rule type: permission
Subtree: cn=computers,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com
Extra target filter: (memberOf=cn=taphostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com)
Type: host
Granted to Privilege: tap-hostgroup-privilege
Indirect Member of roles: taphostgroup-role

Many thanks,
Deepak

> Date: Tue, 30 Aug 2016 13:27:59 +0300
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Subject: Re: [Freeipa-users] Permission not working as expected
>
> On Tue, 30 Aug 2016, Deepak Dimri wrote:
> >I did try the exact steps from the blog but alas it still did not work.
> >Getting the same error :(
> I don't give rights to write to 'member' attribute in the blog. You have
> to adapt to your situation, obviously.
>
> --
> / Alexander Bokovoy