A fairly common question comes up: How can I create a user specific to doing client enrollment?
There is a privilege already, "Host Enrollment". I'm not sure if this remains sufficient these days.
So all that may be needed is adding a pre-canned role for this with this privilege assigned, and testing to ensure it provides the required permissions.
Metadata Update from @pvoborni: - Issue set to the milestone: FreeIPA 4.6 - Issue tagged with: easyfix
Good thing would be also to create integration test which would try client enrollment with the new role.
@tdudlak You might look at this ticket. Implementing it is easy. The test is more difficult.
Metadata Update from @pvoborni: - Issue tagged with: rfe
See also #6870 or #3613
Metadata Update from @tdudlak: - Issue assigned to tdudlak
master:
Metadata Update from @mbabinsk: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.