Bug #8926

closed

foreman-prepare-realm on EL6 fails to set correct permissions for ipa-server-4

Added by Josh Baird about 9 years ago. Updated almost 7 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Realm
Target version: -

Description

When running the 'foreman-prepare-realm' script on an EL6 host against a FreeIPA/IdM 4 server, the script will set the incorrect permissions and cause the 'Add Host Enrollment' action to fail:

[Tue Jan 13 08:09:36.467528 2015] [:error] [pid 8158] ipa: INFO: [xmlserver] : host_add(u'imqa-d1-cl01.corp.follett.com', random=1, setattr=(u'userclass=role-corp-base',), force=1, version=u'2.51'): ACIError


Related issues: 1 (0 open, 1 closed)

Related to Smart Proxy - Bug #18850: FreeIPA REALM > Insufficient 'add' privilege to the 'userPassword' attribute (Duplicate, 03/08/2017)
Actions #1

Updated by Dominic Cleal about 9 years ago

  • Project changed from Foreman to Smart Proxy
  • Category changed from Realm to Realm
Actions #2

Updated by Josh Baird about 9 years ago

Actual error in ipa log:

[Tue Jan 13 08:09:36.467641 2015] [:error] [pid 8158] ipa: DEBUG: response: ACIError: Insufficient access: Insufficient 'add' privilege to the 'userPassword' attribute

Actions #3

Updated by Stephen Benjamin about 9 years ago

Thanks! Looks like I need to figure out the IPA server version based on 'ipa ping' instead of 'ipa --version'.

If anyone else comes here looking for a solution, for now copy foreman-prepare-realm to a server running IPA v4 tools (e.g. the IPA server itself), and run the script from there.
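
The version check described in the comment above, as an added example that is not part of the ticket or of foreman-prepare-realm itself: it reads the server's major version from `ipa ping` output and fails closed instead of falling back to the local `ipa --version`. The function names are hypothetical and both sample outputs are constructed to mirror what the ipa CLI prints.

```shell
#!/bin/sh
# Added example: derive the target IPA major version from the SERVER
# (`ipa ping`), not from the locally installed client tools (`ipa --version`).

# Constructed sample: `ipa --version` from older client tools on an EL6 host.
SAMPLE_CLIENT='VERSION: 3.0.0, API_VERSION: 2.51'
# Constructed sample: `ipa ping` answered by an IPA 4 server.
SAMPLE_PING='-------------------------------------------
IPA server version 4.1.0. API version 2.112
-------------------------------------------'

# Major version of the local client tools, parsed from `ipa --version` text.
client_major() {
    printf '%s\n' "$1" | sed -n 's/^VERSION: \([0-9][0-9]*\)\..*/\1/p' | head -n 1
}

# Major version of the server, parsed from `ipa ping` text.
server_major() {
    printf '%s\n' "$1" \
        | sed -n 's/.*IPA server version \([0-9][0-9]*\)\..*/\1/p' | head -n 1
}

# Print the major version the realm permissions should be prepared for.
# Returns 1 if the server version is unreadable, so a caller never applies
# v3-style permissions to a v4 server just because the client is v3.
realm_target_major() {
    ping_out=$1
    client_out=$2
    srv=$(server_major "$ping_out")
    cli=$(client_major "$client_out")
    if [ -z "$srv" ]; then
        echo "cannot determine IPA server version from ping output" >&2
        return 1
    fi
    if [ -n "$cli" ] && [ "$cli" != "$srv" ]; then
        echo "warning: client tools are v$cli but server is v$srv" >&2
    fi
    printf '%s\n' "$srv"
}

# Demo on the constructed samples; on a real host pass "$(ipa ping)" and
# "$(ipa --version)" instead.
realm_target_major "$SAMPLE_PING" "$SAMPLE_CLIENT"
```
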

Actions #4

Updated by Anonymous about 7 years ago

  • Related to Bug #18850: FreeIPA REALM > Insufficient 'add' privilege to the 'userPassword' attribute added
Actions #5

Updated by Yama Kasi about 7 years ago

Stephen Benjamin wrote:

Thanks! Looks like I need to figure out the IPA server version based on 'ipa ping' instead of 'ipa --version'.

If anyone else comes here looking for a solution, for now copy foreman-prepare-realm to a server running IPA v4 tools (e.g. the IPA server itself), and run the script from there.

As this is my setup, it didn't fix it. Any other solution for now?

Actions #6

Updated by Anonymous about 7 years ago

You copied the script to the ipa server and executed it there, and it didn't fix the issue?

Actions #7

Updated by Yama Kasi about 7 years ago

Dmitri Dolguikh wrote:

You copied the script to the ipa server and executed it there, and it didn't fix the issue?

The proxy is installed on the IPA server, so it's run there.

Actions #8

Updated by Anonymous almost 7 years ago

What's the status here?

Actions #9

Updated by Anonymous almost 7 years ago

  • Status changed from New to Resolved

no reaction, closing
