Hi Alexander,
i did try adding the "member" effective attribute in GUI and also from the 
command prompt But the error is not going away when i try to delete the host 
from my taphostgroup. for me it only works if i have 
(&(cn=taphostgroup)(objectclass=ipaobject)) in the --filter, BUT then the i am 
allowed access to all the hosts in all the hostgroup :( I am kinda stuck with 
this issue.  Would be great if you can suggest any further headway!








 ipa permission-mod manage-taphostgroup 
--attrs={'userPassword','description','nshardwareplatform','nsosversion','usercertificate','userclass','macaddress','ipaassignedidview','ipasshpubkey','member'}
-----------------------------------------
Modified permission "manage-taphostgroup"
-----------------------------------------
  Permission name: manage-taphostgroup
  Granted rights: all
  Effective attributes: description, ipaassignedidview, ipasshpubkey, 
macaddress, member, nshardwareplatform, nsosversion, userPassword, 
usercertificate, userclass
  Bind rule type: permission
  Subtree: cn=computers,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com
  Extra target filter: 
(memberOf=cn=taphostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com)
  Type: host
  Granted to Privilege: tap-hostgroup-privilege
  Indirect Member of roles: taphostgroup-role
Many thanks,Deepak
> Date: Tue, 30 Aug 2016 13:27:59 +0300
> From: aboko...@redhat.com
> To: deepak_di...@hotmail.com
> CC: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Permission not working as expected
> 
> On Tue, 30 Aug 2016, Deepak Dimri wrote:
> >I did try the  exact steps from the blog but alas still it did not work. 
> >getting same error :(
> I don't give rights to write to 'member' attribute in the blog. You have
> to adopt to your situation, obviously.
> 
> -- 
> / Alexander Bokovoy
                                          
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to