On Tue, 30 Aug 2016, Deepak Dimri wrote:
Hi Alexander, i did try adding the "member" effective attribute in GUI and also from the command prompt But the error is not going away when i try to delete the host from my taphostgroup. for me it only works if i have (&(cn=taphostgroup)(objectclass=ipaobject)) in the --filter, BUT then the i am allowed access to all the hosts in all the hostgroup :( I am kinda stuck with this issue. Would be great if you can suggest any further headway!
Isn't this is what you wanted: a user has ability to manage all hosts in the host group but not other hosts.
-- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
