Not a problem, here is the output ipa automember-find --type=hostgroup --------------- 1 rules matched --------------- Automember Rule: test-group Inclusive Regex: enrolledby=build ---------------------------- Number of entries returned 1 ----------------------------
Thanks, _____________________________________________________ John Moyer On Apr 30, 2013, at 1:48 PM, JR Aquino <[email protected]> wrote: > On Apr 30, 2013, at 10:43 AM, John Moyer <[email protected]> > wrote: > >> One thing to add is that this build user only has the following access: >> >> Host Administrators >> Host enrollment >> >> Would he need more access to do the membership? My original thought was >> that technically the user is not doing the addition to the group it's the >> system technically doing it so there shouldn't be a permissions issue. >> > > The user's roles shouldn't really matter to the best of my knowledge (Nathan > Kinder may need to refresh my memory), but the 389 plugin, should be catching > the insertion of the new object, then match the watched-attribute, and > execute the hostgroup assignment based upon the rights of the plugin rather > than that of the user. > > Would it be possible to ask you to do an automember-find --type=hostgroup on > the CLI and send it back to the thread? > > If we are missing something or if we have any bugs in there, we need to get > them identified and fixed. > > >> Thanks, >> _____________________________________________________ >> John Moyer >> On Apr 30, 2013, at 1:21 PM, JR Aquino <[email protected]> wrote: >> >>> >>> On Apr 30, 2013, at 9:30 AM, John Moyer >>> <[email protected]<mailto:[email protected]>> >>> wrote: >>> >>> Anyone have any suggestions to using the auto member function in IPA? I've >>> tried to set it up so if a server is enrolled by a user called "build" then >>> it should add it to a specific server group. I put in an inclusive rule >>> and the expression is just "build", but it doesn't work. Do I need to >>> specify more than just build in the expression area? >>> >>> >>> That -should- be enough to catch new hosts that are built by the 'build' >>> user. >>> >>> Can you verify that the Attribute you are matching on is: "enrolledby" ? >>> >>> >>> "Keeping your head in the cloud" >>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> Jr Aquino | Sr. Information Security Specialist >>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester >>> GCIH | GIAC Certified Incident Handler >>> GWAPT | GIAC WebApp Penetration Tester >>> >>> Citrix Online | 7408 Hollister Avenue | Goleta, CA >>> 93117<x-apple-data-detectors://0/0> >>> T: +1 805.690.3478<tel:+1%C2%A0805.690.3478> >>> C: +1 805.717.0365<tel:+1%20805.717.0365> >>> [email protected]<mailto:[email protected]> >>> http://www.citrixonline.com<http://www.citrixonline.com/> >>> >>> "Keeping your head in the cloud" >>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> Jr Aquino | Sr. Information Security Specialist >>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester >>> GCIH | GIAC Certified Incident Handler >>> GWAPT | GIAC WebApp Penetration Tester >>> >>> Citrix Online | 7408 Hollister Avenue | Goleta, CA >>> 93117<x-apple-data-detectors://0/0> >>> T: +1 805.690.3478<tel:+1%C2%A0805.690.3478> >>> C: +1 805.717.0365<tel:+1%20805.717.0365> >>> [email protected]<mailto:[email protected]> >>> http://www.citrixonline.com<http://www.citrixonline.com/> >>> >>> >>> >>> Thanks, >>> _____________________________________________________ >>> John Moyer >>> >>> >>> _______________________________________________ >>> Freeipa-users mailing list >>> [email protected]<mailto:[email protected]> >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> >> > _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
