B.5. Vaults
B.5.1. Users Cannot Access Their Vault Due To Insufficient 'add' Privilege
A user is unable to access his or her own user vault or add new user vaults. The following error message appears:
ipa: ERROR: Insufficient access: Insufficient 'add' privilege to add the entry 'cn=testvault,cn=user,cn=users,cn=vaults,cn=kra,dc=example,dc=com'.
What this means:
The user's vault container is owned by another user. Typically, this situation occurs after another user, such as admin, creates the first user vault for the first user. The first user then cannot access any vaults in his or her own vault container.
To fix the problem:
Add the intended user as the owner of the vault container:
- Log in as admin:
  $ kinit admin
- Add user as the container owner:
  $ ipa vaultcontainer-add-owner --user=user --users=user
    Owner users: admin, user
    Vault user: user
  ------------------------
  Number of owners added 1
  ------------------------
  Both admin and user now have access to the user's vault container because they are both the owners of the container.
- Optional. Verify that the user can now create a new user vault:
  $ kinit user
  $ ipa vault-add testvault2
  ------------------------
  Added vault "testvault2"
  ------------------------
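The ownership check behind this procedure, as an added shell example that is not part of the original documentation: it reads the Owner users and Vault user fields and reports whether the vault user owns the container. It assumes that ipa vaultcontainer-show --user=USER prints those fields in the same layout as the vaultcontainer-add-owner output above; the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the IdM documentation.
# Reads "Owner users:" / "Vault user:" lines on stdin.
# Exit status: 0 = vault user is an owner, 1 = not an owner, 2 = fields missing.
vault_user_is_owner() {
    awk -F': *' '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim indentation
        $1 == "Owner users" { owners = $2 }
        $1 == "Vault user"  { vuser = $2 }
        END {
            if (owners == "" || vuser == "") exit 2
            n = split(owners, list, /, */)
            for (i = 1; i <= n; i++)
                if (list[i] == vuser) exit 0
            exit 1
        }'
}

# Hypothetical wrapper: queries the server (needs a valid Kerberos ticket) and
# prints the fix from this section when the user does not own the container.
# Assumption: vaultcontainer-show output uses the field layout shown above.
check_vault_container() {
    user=$1
    rc=0
    ipa vaultcontainer-show --user="$user" | vault_user_is_owner || rc=$?
    case $rc in
        0) echo "OK: $user owns their vault container" ;;
        1) echo "FIX: ipa vaultcontainer-add-owner --user=$user --users=$user" ;;
        *) echo "UNKNOWN: could not read container ownership for $user" ;;
    esac
}

# Constructed sample outputs (not captured from a real server).
sample_broken() { printf '  Owner users: admin\n  Vault user: user\n'; }
sample_fixed()  { printf '  Owner users: admin, user\n  Vault user: user\n'; }

# Offline demonstration on the constructed samples.
sample_broken | vault_user_is_owner || echo "broken sample: status $?"
sample_fixed  | vault_user_is_owner && echo "fixed sample: user is an owner"
```

Run check_vault_container USER as admin for each affected account; a FIX line repeats the vaultcontainer-add-owner command from the procedure above.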