On 11/11/2013 11:14 PM, Stephen Benjamin wrote:
> Hi,
> 
> I've been working on getting Foreman and my FreeIPA instance completely
> integrated:
> 
> https://bitbin.de/blog/2013/11/foreman-freeipa-integration-guide/
> 
> But I have an issue, I have a user that has limited roles for Host
> Enrollment, including "Add Host" and "Remove Host" permissions.  Remove
> Host doesn't work like I expect:
> 
> $ ipa host-del testbuild.bitbin.de
> ipa: ERROR: Insufficient access: not allowed to perform this command
> Failed while deleting host from IPA.
> 
> Logs:
> 
>    [Mon Nov 11 23:03:35 2013] [error] ipa: INFO: registrat...@bitbin.de: host_del((u'testbuild.bitbin.de',), updatedns=False): ACIError
> 
> Is there an additional permission I need?  I tried a bunch of different
> permissions but I couldn't figure out the right one to give.

There should not be any additional permission required. I tested the procedure
according to your log and deleting hosts as "foreman" user worked for me. Can
you please send the role and privilege entry so that I can check for 
correctness?

# ipa role-show "Host Enrollment"
# ipa privilege-show "Host Enrollment"

Thanks.
Martin
