On 08/02/2012 05:14 AM, Loris Santamaria wrote:
Hi, I added a user to the User Administrator Role and when I do a
kinit with this user I can use the ipa user* and ipa group* commands
as expected to add, modify and delete groups.
However from the IPA Web UI, logging in with the login form, I can see
only the Identity-Users tab. I can modify users, except for group
membership, but I can't create or delete users and I cannot create or
delete groups.
Is this an expected limitation of the web UI, a bug or a
misconfiguration? Where I could start debugging this?
Thanks
It should work.
There is a bug when user is indirect member of a role. It will be fixed
in 3.0 beta 2. https://fedorahosted.org/freeipa/ticket/2899
User should see full interface when he is a member of any role or a
member or indirect member of group 'admins'.
To debug this you can inspect 'IPA.whoami' object in browser's console
(press F12 in most browsers or CTRL+SHIFT+K in latest Firefox in Fedora)
after successful login. Look for 'admin' in memberof_group,
memberofindirect_group or anything in memberof_role.
--
Petr Vobornik
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users