B.5. Vaults
B.5.1. Users Cannot Access Their Vault Due To Insufficient 'add' Privilege
A user is unable to access his or her own user vault or add new user vaults. The following error message appears:
ipa: ERROR: Insufficient access: Insufficient 'add' privilege to add the entry 'cn=testvault,cn=user,cn=users,cn=vaults,cn=kra,dc=example,dc=com'.
What this means:
The user's vault container is owned by another user. Typically, this situation occurs after another user, such as admin, creates the first user vault for the first user. The first user then cannot access any vaults in his or her own vault container.
To fix the problem:
Add the intended user as the owner of the vault container:
- Log in as admin.
  $ kinit admin
- Add user as the container owner:
  $ ipa vaultcontainer-add-owner --user=user --users=user
    Owner users: admin, user
    Vault user: user
  ------------------------
  Number of owners added 1
  ------------------------
  Both admin and user now have access to the user's vault container because they are both the owners of the container.
- Optional. Verify that the user can now create a new user vault:
  $ kinit user
  $ ipa vault-add testvault2
  ------------------------
  Added vault "testvault2"
  ------------------------
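To confirm the diagnosis before changing ownership, the check below reports whether a user is listed as an owner of his or her own vault container. It is an added example, not part of the original documentation. It assumes that ipa vaultcontainer-show --user=<user> prints the same "Owner users:" line as the vaultcontainer-add-owner output above; the function names are hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: detect a user vault container that its user does not own.
# Function names are hypothetical; sample outputs below are constructed.

# Print each owner from the "Owner users:" line of ipa output ($1), one per line.
container_owners() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Owner users:[[:space:]]*//p' |
        tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# Return 0 if user $2 is an owner according to ipa output $1.
# -F -x forces an exact whole-line match, so "user" does not match "user2".
user_owns_container() {
    container_owners "$1" | grep -Fxq -- "$2"
}

# Query IdM for the container of user $1 (requires a valid Kerberos ticket).
# Assumption: vaultcontainer-show prints an "Owner users:" line.
# Returns 0 if owned by the user, 1 on a mismatch, 2 if the query fails.
check_container() {
    user=$1
    out=$(ipa vaultcontainer-show --user="$user") || return 2
    if user_owns_container "$out" "$user"; then
        echo "OK: $user is an owner of the vault container"
    else
        echo "MISMATCH: $user is not an owner; current owners:" \
             "$(container_owners "$out" | tr '\n' ' ')"
        return 1
    fi
}

# Constructed sample output: container created by admin (the failing state).
SAMPLE_BROKEN='  Owner users: admin
  Vault user: user'
# Constructed sample output: state after vaultcontainer-add-owner.
SAMPLE_FIXED='  Owner users: admin, user
  Vault user: user'

# Run the live check only when a user name is passed as an argument.
if [ $# -gt 0 ]; then
    check_container "$1"
fi
```

A MISMATCH result corresponds to the situation described in this section and is resolved by the vaultcontainer-add-owner step above.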