Hide Forgot
Description of problem: When a user logs in for self service, enroll buttons are enabled in the memberof tabs. User can go ahead, and select which groups/roles to enroll himself into. Then when 'Enroll' is clicked - throws error - two: Insufficient access: Insufficient 'write' privilege to the 'member' attribute of entry 'cn=admins,cn=groups,cn=accounts,dc=testrelm'. Version-Release number of selected component (if applicable): ipa-server-2.1.2-2.el6.x86_64 How reproducible: always Steps to Reproduce: 1. Add a user, set its passwd, login as this user 2. In the UI, go to Groups tab, can click 'Enroll' 3. Can see groups listed, select some, and click 'Enroll' Actual results: Clicking 'Enroll' throws error: two: Insufficient access: Insufficient 'write' privilege to the 'member' attribute of entry 'cn=admins,cn=groups,cn=accounts,dc=testrelm'. Expected results: The 'Enroll' button should be disabled if this user doesn't have the permissions - on all the tabs under memberof Additional info:
Upstream ticket: https://fedorahosted.org/freeipa/ticket/1972
Related/Similar behaviour - buttons enabled, when user doesn't have the privilege: When a user logs in for self-service, the Add button is enabled. Add a user, and click on 'Add' - error - Insufficient access: Insufficient 'add' privilege to add the entry 'uid=2,cn=users,cn=accounts,dc=testrelm'. Choose a user to delete, and Delet button is enabled. Delete the user - error - Insufficient access: Insufficient 'delete' privilege to delete the entry 'uid=one,cn=users,cn=accounts,dc=testrelm'. Also seeing this when logging in as a user who is enrolled as with role - helpdesk admin. Add/Delete buttons are enabled, when this user can only modify.
The issue in the original description is fixed in master (7710bfb5bdef1faa959b7f9402c2840b5ef65d7e). The issue in comment #4 is covered in this ticket: https://fedorahosted.org/freeipa/ticket/2188
Issue in comment #4 fixed in upstream. master: 0c4500738be7647e852a8e41dd6b6dfd48182908 ipa-2-2: f0fcd0677756020b9da6b6e116d72d92e0683744
verified version ipa-server-2.1.3-9.el6.x86_64 see attached screen shot
Created attachment 578399 [details] screen shot
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html