If an operation failed due to insufficient access, the operation itself will return a success and the error messages will be returned in the 'result.failed' attribute.
Currently the UI only checks the 'error' attribute, but since in this case the attribute is empty the UI will not show any failures. The UI should show all error messages returned in the 'result.failed' attribute.
The CLI doesn't have this issue:
    # kinit tuser
    # ipa group-add-member editors --groups=tuser
      Group name: editors
      Description: Limited admins who can edit other users
      GID: 484600002
      Failed members:
        member group: tuser: Insufficient access: Insufficient 'write' privilege to the 'member' attribute of entry 'cn=editors,cn=groups,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com'.
    -------------------------
    Number of members added 0
    -------------------------
However, the error log probably needs to be fixed because it doesn't show any failures:
    [Fri Aug 12 12:34:30 2011] [error] ipa: INFO: tuser@IDM.LAB.BOS.REDHAT.COM: group_add_member(u'editors', all=False, raw=False, version=u'2.11', group=(u'tuser',)): SUCCESS
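The check the ticket asks for, as an added example (not FreeIPA's own UI code): treat a response as failed if either the top-level 'error' attribute is set or 'result.failed' lists any member. The nesting of 'result.failed' (attribute, then member type, then a list of names or [name, reason] pairs), the function names and the sample response are assumptions constructed from the CLI output above.

```javascript
// Added example, not FreeIPA source. Response layout is an assumption.

// The behaviour the ticket describes: only 'error' is inspected.
function errorAttributeOnly(response) {
  return !response.error; // true means "looks successful"
}

// Collect every failure, from 'error' and from 'result.failed'.
function collectFailures(response) {
  const failures = [];
  if (response.error) {
    failures.push({ attr: null, type: null, member: null,
                    message: response.error.message || String(response.error) });
  }
  const failed = (response.result && response.result.failed) || {};
  for (const [attr, byType] of Object.entries(failed)) {
    for (const [type, items] of Object.entries(byType || {})) {
      for (const item of Array.isArray(items) ? items : []) {
        // An entry may be a bare name or a [name, reason] pair.
        const [member, message] = Array.isArray(item) ? item : [item, 'failed'];
        failures.push({ attr, type, member, message });
      }
    }
  }
  return failures;
}

// Constructed sample mirroring the denied group-add-member call above.
const sampleResponse = {
  error: null,
  id: 0,
  result: {
    completed: 0,
    failed: { member: { user: [], group: [['tuser',
      "Insufficient access: Insufficient 'write' privilege to the 'member' " +
      "attribute of entry 'cn=editors,cn=groups,cn=accounts,dc=idm,dc=lab,dc=bos,dc=redhat,dc=com'."]] } },
    result: { cn: ['editors'] },
  },
};

for (const f of collectFailures(sampleResponse)) {
  console.log(`${f.attr} ${f.type}: ${f.member}: ${f.message}`);
}
```
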
master:
- f98b05a
- e538288

ipa-2-1:
- 37cef6f
- 5ba0be2

Metadata Update from @edewata:
- Issue assigned to pvoborni
- Issue set to the milestone: FreeIPA 2.1.1 (bug fixing)