On 03/20/2015 09:16 AM, Andrew Holway wrote:
I'd like to find our what the minimum role would be to allow a user to join
a new client to freeipa.
Currently our enrol command looks like:
ipa-client-install --force-join --enable-dns-updates -U -p admin -w
AFAIK there is 'Host Enrollment' privilege created during IPA server
installation. You need to create new role and add this privilege to the
newly created role.
The role can then be assigned to any user or group. User with this
privilege have enough permissions to enroll a host to IPA domain.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project