Ok, I am not sure how this works:
I created this user, called biding. I want it to be able to create users on
FreeIPA, mailing by biding Keycloak to it.
So I created the role:
[francis@freeipa]~% ipa role-show
Role name: Keycloak biding
Role name: Keycloak biding
Member users: biding
Privileges: User Administrators, Group Administrators, Stage User
Administrators, Stage User Provisioning, Modify Users and Reset
passwords, Modify Group membership, Keycloak admin
Yes, too many roles, because it simply wasn’t doing it. Keycloak would fail
saying the user didn’t have permissions.
So what I did was to add this user to the admin group. Then it created users.
But not even my admin user can delete those users created that way.
Why isn’t this working? And why when giving it permissions it is creating
objects that simply can’t be read by my previous biding users?
Best,
Francis
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
