Re: [Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute

2017-03-14 Thread Matt .
Hi Rob, I have this solved, I think it was an issue in the foreman-proxy. The reason why there are two users in the role was to test other usernames, as you cannot use foreman-proxy for this for an example. I need to update the Foreman ticket about it. Thanks for helping out. Cheers, Matt

Re: [Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute

2017-03-14 Thread Rob Crittenden
Matt . wrote: > Hi Rob, > > Thanks for the update, the same error happens when I add a new host, > so I'm lost, the same for the Foreman devs. > > What can I check/test further ? See what 389-ds is logging in its access log. You may need to enable ACI summary debugging. See the 389-ds FAQ for

Re: [Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute

2017-03-10 Thread Matt .
Hi Rob, Thanks for the update, the same error happens when I add a new host, so I'm lost, the same for the Foreman devs. What can I check/test further ? Thanks, Matt 2017-03-10 21:20 GMT+01:00 Rob Crittenden : > Matt . wrote: >> Hi Rob, >> >> Thanks, but what do you mean

Re: [Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute

2017-03-10 Thread Rob Crittenden
Matt . wrote: > Hi Rob, > > Thanks, but what do you mean here ? The Foreman has a script which > should be OK for it: > > https://github.com/theforeman/smart-proxy/blob/develop/sbin/foreman-prepare-realm > > Can you check this maybe ? Like I said, it's wrong. add grants the ability to add new

Re: [Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute

2017-03-10 Thread Matt .
Hi Rob, Thanks, but what do you mean here ? The Foreman has a script which should be OK for it: https://github.com/theforeman/smart-proxy/blob/develop/sbin/foreman-prepare-realm Can you check this maybe ? Thanks, Matt 2017-03-10 17:21 GMT+01:00 Rob Crittenden : > Matt .

Re: [Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute

2017-03-10 Thread Rob Crittenden
Matt . wrote: > I'm trying to add a host using Foreman to the FreeIPA realm but this > doesn't work, all things seem to be fine and some other tests from > people are working: > > The issue is reported here: http://projects.theforeman.org/issues/18850 > > > My settings are like this: > > >

[Freeipa-users] Foreman => Insufficient 'add' privilege to the 'userPassword' attribute

2017-03-09 Thread Matt .
I'm trying to add a host using Foreman to the FreeIPA realm but this doesn't work, all things seem to be fine and some other tests from people are working: The issue is reported here: http://projects.theforeman.org/issues/18850 My settings are like this: [root@ipa-01 ~]# ipa role-find