On Apr 30, 2013, at 10:43 AM, John Moyer <john.mo...@digitalreasoning.com>
 wrote:

> One thing to add is that this build user only has the following access: 
> 
> Host Administrators
> Host enrollment 
> 
> Would he need more access to do the membership?  My original thought was that 
> technically the user is not doing the addition to the group it's the system 
> technically doing it so there shouldn't be a permissions issue. 
> 

The user's roles shouldn't really matter to the best of my knowledge (Nathan 
Kinder may need to refresh my memory), but the 389 plugin, should be catching 
the insertion of the new object, then match the watched-attribute, and execute 
the hostgroup assignment based upon the rights of the plugin rather than that 
of the user.

Would it be possible to ask you to do an automember-find --type=hostgroup on 
the CLI and send it back to the thread?

If we are missing something or if we have any bugs in there, we need to get 
them identified and fixed.


> Thanks, 
> _____________________________________________________
> John Moyer
> On Apr 30, 2013, at 1:21 PM, JR Aquino <jr.aqu...@citrix.com> wrote:
> 
>> 
>> On Apr 30, 2013, at 9:30 AM, John Moyer 
>> <john.mo...@digitalreasoning.com<mailto:john.mo...@digitalreasoning.com>> 
>> wrote:
>> 
>> Anyone have any suggestions to using the auto member function in IPA?  I've 
>> tried to set it up so if a server is enrolled by a user called "build" then 
>> it should add it to a specific server group.   I put in an inclusive rule 
>> and the expression is just "build", but it doesn't work.  Do I need to 
>> specify more than just build in the expression area?
>> 
>> 
>> That -should- be enough to catch new hosts that are built by the 'build' 
>> user.
>> 
>> Can you verify that the Attribute you are matching on is: "enrolledby" ?
>> 
>> 
>> "Keeping your head in the cloud"
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Jr Aquino | Sr. Information Security Specialist
>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester
>> GCIH | GIAC Certified Incident Handler
>> GWAPT | GIAC WebApp Penetration Tester
>> 
>> Citrix Online | 7408 Hollister Avenue | Goleta, CA 
>> 93117<x-apple-data-detectors://0/0>
>> T:  +1 805.690.3478<tel:+1%C2%A0805.690.3478>
>> C: +1 805.717.0365<tel:+1%20805.717.0365>
>> jr.aqu...@citrix.com<mailto:jr.aqu...@citrixonline.com>
>> http://www.citrixonline.com<http://www.citrixonline.com/>
>> 
>> "Keeping your head in the cloud"
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Jr Aquino | Sr. Information Security Specialist
>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester
>> GCIH | GIAC Certified Incident Handler
>> GWAPT | GIAC WebApp Penetration Tester
>> 
>> Citrix Online | 7408 Hollister Avenue | Goleta, CA 
>> 93117<x-apple-data-detectors://0/0>
>> T:  +1 805.690.3478<tel:+1%C2%A0805.690.3478>
>> C: +1 805.717.0365<tel:+1%20805.717.0365>
>> jr.aqu...@citrix.com<mailto:jr.aqu...@citrixonline.com>
>> http://www.citrixonline.com<http://www.citrixonline.com/>
>> 
>> 
>> 
>> Thanks,
>> _____________________________________________________
>> John Moyer
>> 
>> 
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com>
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> 
> 


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to