Hello,
I'm trying to get groups membership working on freeipa 4.12.2 (tried fresh install on Almalinux 9 and 10).
I can add/remove users to/from a group in CLI, but web UI has 'Add' button in group membership pop-up greyed out. I get httpd error 'failed to set perms (3140) on file (/run/ipa/ccaches/admin@mydomain.COM-9UR3mc)!' and playing with directory ownership gets me nowhere. Any advise?
Thanks
Alex I via FreeIPA-users wrote:
Hello,
I'm trying to get groups membership working on freeipa 4.12.2 (tried fresh install on Almalinux 9 and 10).
I can add/remove users to/from a group in CLI, but web UI has 'Add' button in group membership pop-up greyed out. I get httpd error 'failed to set perms (3140) on file (/run/ipa/ccaches/admin@mydomain.COM-9UR3mc)!' and playing with directory ownership gets me nowhere. Any advise?
That error is a red herring. It is unrelated.
I'm guessing the webui isn't detecting your elevated permissions. How is your user configured?
rob
Initially I used existing ipa user 'admin' (there is a local linux admin user as well, perhaps it's the same thing). I also added this ipa admin user to 'admins' just in case (even though admin user already had 'User Administrator' role). As I said, I could do all groups editing in linux shell with ipa group-add-member etc, and I can add/delete users in Web UI.
To isolate the problem I then created a new user (no local server account) and added it to both ipa 'admins' group and assigned 'User Administrator' role. Same effect - all works in bash, but still 'Add' button greyed out in Web UI. I even installed 'Server with GUI' on my linux VM and tried Firefox on the same Linux machine, same thing...
Hi,
can you please be more specific, about which user membership are we talking about, what's the URL, which buttons are you navigating etc?
I'm assuming, you are on https://ipa.demo.test/ipa/ui/#/e/user/memberof_group/w, instead of ipa.demo.test you're seeing your machine's hostname, and instead of w, you are seeing your own user. There you clicked on Add, the Add lists Available and Prospective, for the Add button to be enabled, you check the groups on left side, then move those to the right side using the arrow in the middle (it is not enough to just check the groups you want to add the user to, you need to transfer them to the right side!). Then the Add button should be enabled. If that's not the page, then I will need you to be a little bit more specific.
Hi David, OMFG!!! I'm supposed to add user to 'Perspective'?!!!! Well, I feel so stupid... But wow that interface, OMFG!!!
Thank you!!!
freeipa-users@lists.fedorahosted.org
-
Alex I -
David Hanina -
Rob Crittenden