On 10/9/18 9:39 AM, Peter Tselios via FreeIPA-users wrote:
Hello,
I want to create an automember rule for my IPA Clients.
The regular expression is tested in the https://regex101.com/ and it matches my
sample FQDNs.
On the IPA server, I have created the Automember --> Host --> Rules rule with
the same RegEx.
I tried the following:
=============================================================================
Automember Rule: nn-stg1-aws
Description: Automatic Group Membership rule for Staging servers in SD North
Inclusive Regex:
fqdn=[agb]{1}\d{2}[cC]\d{2}[aA][bB][a-zA-Z]\d{3}\.example\.com
=============================================================================
The regular expression muches the hostname a01c03abn001.example.com
However, when I add the host, it is not added in the hostgroup!
Hi,
did you add the host before or after you created the automember rule? If
the host was defined before, then you need to rebuild automembership as
the rule applies only to hosts created after the rule was added. See [1]
Applying Automember Rules to Existing Users and Hosts.
If the rule was added before the host, then you can check the following:
$ ipa host-show --raw a01c03abn001.example.com
This command will print the LDAP attributes of the host entry. If you
want to know the DN of the entry, use:
$ ipa host-show --all a01c03abn001
I tried your regexp with your hostname, and it's working for me. Which
version of FreeIPA are you using?
flo
[1]
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/automember#automember-rebuild
I tried with the following Includesive rules as well:
cn=[agb]{1}\d{2}[cC]\d{2}[aA][bB][a-zA-Z]\d{3}\.example\.com
serverhostname=[agb]{1}\d{2}[cC]\d{2}[aA][bB][a-zA-Z]\d{3}\.example\.com
So, my questions are:
1. Can you please pin-point to me the mistake?
2. How do I see the LDAP entries of the host? I need to understand why the
automember rule fails in order to avoid the same mistake in the future and to
understand how I can form future automember rules.
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
