Hi Alexander,
I did try adding the "member" effective attribute in the GUI and also from the 
command prompt, but the error is not going away when I try to delete the host 
from my taphostgroup. For me it only works if I have 
(&(cn=taphostgroup)(objectclass=ipaobject)) in the --filter, BUT then I am 
allowed access to all the hosts in all the hostgroups :( I am kinda stuck with 
this issue. Would be great if you can suggest any further headway!

 ipa permission-mod manage-taphostgroup 
Modified permission "manage-taphostgroup"
  Permission name: manage-taphostgroup
  Granted rights: all
  Effective attributes: description, ipaassignedidview, ipasshpubkey, 
macaddress, member, nshardwareplatform, nsosversion, userPassword, 
usercertificate, userclass
  Bind rule type: permission
  Subtree: cn=computers,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com
  Extra target filter: 
  Type: host
  Granted to Privilege: tap-hostgroup-privilege
  Indirect Member of roles: taphostgroup-role
Many thanks,
Deepak
> Date: Tue, 30 Aug 2016 13:27:59 +0300
> From: aboko...@redhat.com
> To: deepak_di...@hotmail.com
> CC: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] Permission not working as expected
> On Tue, 30 Aug 2016, Deepak Dimri wrote:
> >I did try the exact steps from the blog but alas still it did not work. 
> >getting same error :(
> I don't give rights to write to 'member' attribute in the blog. You have
> to adapt to your situation, obviously.
> -- 
> / Alexander Bokovoy