From 468eb3c712140399ed2ec346ff4356bffd590e09 Mon Sep 17 00:00:00 2001 From: Tibor Dudlák Date: Jun 09 2017 14:37:40 +0000 Subject: Add Role 'Enrollment Administrator' User with the 'Enrollment Administrator' role assigned is able to enroll client with ipa-client-install command. Resolves: https://pagure.io/freeipa/issue/6852 Reviewed-By: Alexander Bokovoy Reviewed-By: Martin Basti --- diff --git a/install/updates/45-roles.update b/install/updates/45-roles.update index fb28464..e1681bf 100644 --- a/install/updates/45-roles.update +++ b/install/updates/45-roles.update @@ -91,3 +91,12 @@ add:member: cn=Security Architect,cn=roles,cn=accounts,$SUFFIX dn: cn=Password Policy Administrator,cn=privileges,cn=pbac,$SUFFIX add:member: cn=Security Architect,cn=roles,cn=accounts,$SUFFIX +dn: cn=Enrollment Administrator,cn=roles,cn=accounts,$SUFFIX +default:objectClass: groupofnames +default:objectClass: nestedgroup +default:objectClass: top +default:cn: Enrollment Administrator +default:description: Enrollment Administrator responsible for client(host) enrollment + +dn: cn=Host Enrollment,cn=privileges,cn=pbac,$SUFFIX +add:member: cn=Enrollment Administrator,cn=roles,cn=accounts,$SUFFIX