#7570 Create a system permission for access to radius proxy entries
Closed: fixed 10 months ago Opened a year ago by frenaud.

Request for enhancement

As non-admin with privileges allowing to create/modify users and groups, I want to create a user and specify its radius server with ipa user-add|mod ... --radius=<proxy>

Actual behavior

The command fails looking for the radius server because of ACI issues.

$ ipa user-add nonadmin --first nonadmin --last nonadmin --password
$ ipa role-add-member 'User Administrator' --users=nonadmin
$ ipa radiusproxy-add --desc "My Radius Proxy" --server radius.example.com myradius

$ kinit nonadmin
$ ipa user-add test --first test --last test --radius-username test --radius myradius
ipa: ERROR: no matching entry found

Expected behavior

FreeIPA should define permissions, privileges and roles so that the admin can easily allow another user to define the radius server used by a user.


Metadata Update from @frenaud:
- Issue set to the milestone: FreeIPA 4.6.5

a year ago

Metadata Update from @frenaud:
- Issue assigned to frenaud

10 months ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/2530

10 months ago

master:

  • 19cd960 ipa user-add: add optional objectclass for radius-username
  • 1c2c2ee tests: add xmlrpc test for ipa user-add --radius-username
  • 5d603fc radiusproxy: add permission for reading radius proxy servers
  • da4c12c ipatests: add integration test for "Read radius servers" perm

ipa-4-6:

  • d5eabd5 ipa user-add: add optional objectclass for radius-username
  • d6043c7 tests: add xmlrpc test for ipa user-add --radius-username
  • 3f56ae4 radiusproxy: add permission for reading radius proxy servers
  • 97133bb ipatests: add integration test for "Read radius servers" perm

ipa-4-7:

  • 79b7f07 ipa user-add: add optional objectclass for radius-username
  • 10ccc3b tests: add xmlrpc test for ipa user-add --radius-username
  • 22be7b4 radiusproxy: add permission for reading radius proxy servers
  • 918dbdf ipatests: add integration test for "Read radius servers" perm

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

10 months ago

Login to comment on this ticket.

Metadata