On Tue, 30 Aug 2016, Deepak Dimri wrote:
> Hi Alexander,
>
> Thanks for the reply. I tried the exact steps below but it is still not working. The admin user added to the new role and privilege we have created is getting an error when trying to add or remove a host of myhostgroup.
>
> ip-172-31-29-153.us-west-2.compute.internal: Insufficient access: Insufficient 'write' privilege to the 'member' attribute of entry 'cn=myhostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com'.
>
> Not sure if the DN (memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test) would make any difference? I also noticed I don't get "Permission flags: V2, SYSTEM" in my ipa output. Not sure if that would make any difference.
>
> I would really appreciate it if this can be resolved...

Read the other emails I sent in this thread.
The whole story is here: https://vda.li/en/posts/2016/08/30/Creating-permissions-in-FreeIPA/

--
/ Alexander Bokovoy