I have set up FreeIPA and it's working fine.
I've followed the instructions here: https://gist.github.com/PowerWagon/d794a1233d7943f1614d2ae5223e678a
...well, almost: I used Tomcat 8 and have redirected https://pwm.local/pwm to http://pwm.local:8180/pwm with Apache.
I have the pwmproxy account set up as per the gist.
I also have a pwmrest account set up, but they're a "Password Administrator" with permissions to modify other users' passwords via the "System: Change User password" permission.
Both the pwmproxy and pwmrest accounts can set account passwords from the command line with both:
    ipa passwd username
    ipa user_mod username --setattr userpassword="password"
We have the REST API working except setpassword, which returns the following response:
setpassword using pwmrest: {"error":true,"errorCode":5027,"errorMessage":"You do not have permission to perform the requested action."}
Are we missing something to allow the setpassword REST command to work?
Regards,
Aaron Hicks