On 08/02/2012 05:14 AM, Loris Santamaria wrote:
Hi, I added a user to the "User Administrator Role" and when I do a
kinit with this user I can use the "ipa user*" and "ipa group*" commands
as expected to add, modify and delete groups.
However from the IPA Web UI, logging in with the login form, I can see
only the Identity->Users tab. I can modify users, except for group
membership, but I can't create or delete users and I cannot create or
Is this an expected limitation of the web UI, a bug or a
misconfiguration? Where I could start debugging this?
It should work.
There is a bug when user is indirect member of a role. It will be fixed
in 3.0 beta 2. https://fedorahosted.org/freeipa/ticket/2899
User should see full interface when he is a member of any role or a
member or indirect member of group 'admins'.
To debug this you can inspect 'IPA.whoami' object in browser's console
(press F12 in most browsers or CTRL+SHIFT+K in latest Firefox in Fedora)
after successful login. Look for 'admin' in memberof_group,
memberofindirect_group or anything in memberof_role.
Freeipa-users mailing list