The automember plugin doesn't define typical system permissions for delegating the CRUD operations against automember rules.
A user asked about this and I came up with this pretty quickly. It is incomplete.
ipa permission-add 'Add Automember Rule' --right add --type automember
ipa permission-add 'Delete Automember Rule' --right delete --type automember
ipa permission-add 'Modify Automember Rule' --right write --type automember --attrs automemberinclusiveregex --attrs automemberexclusiveregex --attrs description
A rule is also needed so the default group can be set.
The modify rule doesn't allow cn to be changed so a rule can't be renamed.
There are probably other oversights as well.
Metadata Update from @pcech:
- Issue tagged with: Falcon