On 08/02/2012 05:14 AM, Loris Santamaria wrote:
Hi, I added a user to the "User Administrator Role" and when I do a
kinit with this user I can use the "ipa user*" and "ipa group*" commands
as expected to add, modify and delete groups.

However from the IPA Web UI, logging in with the login form, I can see
only the Identity->Users tab. I can modify users, except for group
membership, but I can't create or delete users and I cannot create or
delete groups.

Is this an expected limitation of the web UI, a bug or a
misconfiguration? Where I could start debugging this?


It should work.

There is a bug when user is indirect member of a role. It will be fixed in 3.0 beta 2. https://fedorahosted.org/freeipa/ticket/2899

User should see full interface when he is a member of any role or a member or indirect member of group 'admins'.

To debug this you can inspect 'IPA.whoami' object in browser's console (press F12 in most browsers or CTRL+SHIFT+K in latest Firefox in Fedora) after successful login. Look for 'admin' in memberof_group, memberofindirect_group or anything in memberof_role.
Petr Vobornik

Freeipa-users mailing list

Reply via email to