====== Usuário com permissão de leitura para ingressar serviços ======
<code bash>
ipa role-show "User Administrator" --all --raw
</code>

<code bash>
ipa group-add enrolladm --desc "LDAP authentication for services" --nonposix
ipa role-add-member "User Administrator" --groups=enrolladm
</code>

<code bash>
echo "senha" | ipa user-add webadm --first=Web --last=Administrator --title="Enroll WebService" --password
ipa user-mod --shell=/bin/false webadm
</code>

<code bash>
ipa group-remove-member --users=webadm ipausers
ipa group-add-member enrolladm --users=webadm
</code>

<code bash>
kinit webadm
ipa user-show webadm --all
</code>

<code bash>
ipa user-del webadm
ipa group-del enrolladm
</code>