From 65c74d2f4a934637134bf17986d0530a88fbccb8 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Thu, 13 Oct 2016 16:12:41 +0000
Subject: [PATCH] Grant permissions to fas_sync

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/ipa/files/configure-ipa.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/ipa/files/configure-ipa.sh b/roles/ipa/files/configure-ipa.sh
index 44880213ea..eca8875f25 100644
--- a/roles/ipa/files/configure-ipa.sh
+++ b/roles/ipa/files/configure-ipa.sh
@@ -20,6 +20,9 @@ done
 # Create fas_sync user
 ipa user-add fas_sync --first=FAS --last=Sync
 
+# Allow sync user to create and edit users
+ipa group-add-member admins --users=fas_sync
+
 # Allow sync user to update passwords
 ldapmodify -x -D "cn=Directory Manager" -w "$DM_PASSWORD" -h localhost -p 389 <<EOF
 dn: cn=ipa_pwd_extop,cn=plugins,cn=config