Nathanaël Blanchet via FreeIPA-users wrote: > Hello, > > I try to order my host list by filtering out the enrollment field. > > I tried *ipa host-show vm500-dev.couchant.abes.fr --all* > > and I can get the keytab param to false, which seems to be the > equivalent of non enrollment. > > Now I try to find an option to *ipa host-find* to filter out all those > non enrolled hosts but none such option seems to exist. > > My goal is to create a loop with correspondant hostnames to delete such > hosts.
The API doesn't provide for a way to search on enrolled but you can do it a few different ways using ldapsearch. The reason is that it is expensive to do so as we do an existence check to determine whether a host is enrolled or not. Here is how I would do it: $ kinit admin $ ldapsearch -LLL -Y GSSAPI -b cn=computers,cn=accounts,dc=example,dc=test "(&(objectclass=ipahost)(!(krblastpwdchange=*)))" fqdn Basically search for hosts (a few other objects live there too) and those with no last kerberos password change set. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
