IPA version: git master: 76ec938 + patches:
fc69f05 webui: display messages contained in API responses 54a29d6 webui: new navigation structure 791db77 Non IDNA zonename should be normalized to lowercase 69d0979 Restore privileges after forward zones update b9f8d4b ipa-ldap-updater: make possible to use LDAPI with autobind in case of hardened LDAP configuration
This reproduces with latest patches, this is 4.0 blocker.
The same problem exists for user which has permission to modify particular DNS zone but is not a "DNS Administrator".
most-likely ACI problem.
Web UI shows this menu item only if method dns_is_enabled returns true. But it returns false:
dns_is_enabled
true
false
{ "error": null, "result": false, "summary": null, "value": null }
The problem is that dns-is-enabled command searches for DNS services in cn=masters. We will need to allow that for all or prepare a permission.
cn=masters
Patch allowing services in cn=masters for authenticated users fixed the dns-is-enabled command:
master:
Metadata Update from @pspacek: - Issue assigned to pvoborni - Issue set to the milestone: FreeIPA 4.0 GA
Login to comment on this ticket.