On 5 November 2015 at 16:18, Rob Crittenden wrote:

> Andrew Holway wrote:
> > Some time ago I saw an article on how to set up a user that can only
> > enrol clients into freeipa.
> >
> > Does anyone have information on how to do this because we're currently
> > using the admin user and this is a bit scary.
> Create a role for enrolling hosts and add the privilege 'Host
> Enrollment' to it.
> Note that 'Host Enrollment' is VERY specific. It only enrolls hosts. It
> will not create host entries. If you want to be able to do that as well
> then you'll need the 'Add Hosts' permission. I guess I'd create a new
> privilege and add that permission, then add that privilege to the role
> you create.
> Some folks add the existing 'Host Administrators' privilege instead but
> IMHO that is a bit broad.
> rob
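
The steps described in the reply above, sketched with the `ipa` command-line tool as an added example (not part of the original thread). The role, privilege and user names are hypothetical, and the permission name `System: Add Hosts` assumes FreeIPA 4.x naming, so confirm it with `ipa permission-find` on your server. The script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: a least-privilege enrollment role instead of using admin.
# Hypothetical names; adjust to your deployment.
ROLE="Enrollment Operator"
PRIV="Add Hosts Only"
ENROLL_USER="enroller"   # assumed to exist already (ipa user-add)
# Assumption: FreeIPA 4.x prefixes managed permissions with "System: ".
ADD_HOSTS_PERM="${ADD_HOSTS_PERM:-System: Add Hosts}"

# Print the command with each argument quoted; run it only when APPLY=1.
# Running for real needs a Kerberos ticket for an administrator (kinit).
ipa_cmd() {
    printf 'ipa'
    for arg in "$@"; do printf " '%s'" "$arg"; done
    printf '\n'
    if [ "${APPLY:-0}" = 1 ]; then ipa "$@"; fi
}

setup_enrollment_role() {
    # Role that carries only the narrow 'Host Enrollment' privilege.
    ipa_cmd role-add "$ROLE" --desc="Enroll hosts without admin rights"
    ipa_cmd role-add-privilege "$ROLE" --privileges="Host Enrollment"

    # Optional: also allow creating the host entry. Done through a new,
    # single-permission privilege rather than 'Host Administrators'.
    if [ "${CREATE_HOSTS:-0}" = 1 ]; then
        ipa_cmd privilege-add "$PRIV" --desc="Create host entries only"
        ipa_cmd privilege-add-permission "$PRIV" --permissions="$ADD_HOSTS_PERM"
        ipa_cmd role-add-privilege "$ROLE" --privileges="$PRIV"
    fi

    # Attach the dedicated enrollment account to the role.
    ipa_cmd role-add-member "$ROLE" --users="$ENROLL_USER"
}

setup_enrollment_role
```

Set `CREATE_HOSTS=1` when the enrollment account must also create host entries; without it, the host entries have to exist before enrollment.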