Not a problem, here is the output

ipa automember-find --type=hostgroup
---------------
1 rules matched
---------------
  Automember Rule: test-group
  Inclusive Regex: enrolledby=build
----------------------------
Number of entries returned 1
----------------------------



Thanks, 
_____________________________________________________
John Moyer


On Apr 30, 2013, at 1:48 PM, JR Aquino <jr.aqu...@citrix.com> wrote:

> On Apr 30, 2013, at 10:43 AM, John Moyer <john.mo...@digitalreasoning.com>
> wrote:
> 
>> One thing to add is that this build user only has the following access: 
>> 
>> Host Administrators
>> Host enrollment 
>> 
>> Would he need more access to do the membership?  My original thought was 
>> that technically the user is not doing the addition to the group it's the 
>> system technically doing it so there shouldn't be a permissions issue. 
>> 
> 
> The user's roles shouldn't really matter to the best of my knowledge (Nathan 
> Kinder may need to refresh my memory), but the 389 plugin, should be catching 
> the insertion of the new object, then match the watched-attribute, and 
> execute the hostgroup assignment based upon the rights of the plugin rather 
> than that of the user.
> 
> Would it be possible to ask you to do an automember-find --type=hostgroup on 
> the CLI and send it back to the thread?
> 
> If we are missing something or if we have any bugs in there, we need to get 
> them identified and fixed.
> 
> 
>> Thanks, 
>> _____________________________________________________
>> John Moyer
>> On Apr 30, 2013, at 1:21 PM, JR Aquino <jr.aqu...@citrix.com> wrote:
>> 
>>> 
>>> On Apr 30, 2013, at 9:30 AM, John Moyer 
>>> <john.mo...@digitalreasoning.com<mailto:john.mo...@digitalreasoning.com>> 
>>> wrote:
>>> 
>>> Anyone have any suggestions to using the auto member function in IPA?  I've 
>>> tried to set it up so if a server is enrolled by a user called "build" then 
>>> it should add it to a specific server group.   I put in an inclusive rule 
>>> and the expression is just "build", but it doesn't work.  Do I need to 
>>> specify more than just build in the expression area?
>>> 
>>> 
>>> That -should- be enough to catch new hosts that are built by the 'build' 
>>> user.
>>> 
>>> Can you verify that the Attribute you are matching on is: "enrolledby" ?
>>> 
>>> 
>>> "Keeping your head in the cloud"
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> Jr Aquino | Sr. Information Security Specialist
>>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester
>>> GCIH | GIAC Certified Incident Handler
>>> GWAPT | GIAC WebApp Penetration Tester
>>> 
>>> Citrix Online | 7408 Hollister Avenue | Goleta, CA 
>>> 93117<x-apple-data-detectors://0/0>
>>> T:  +1 805.690.3478<tel:+1%C2%A0805.690.3478>
>>> C: +1 805.717.0365<tel:+1%20805.717.0365>
>>> jr.aqu...@citrix.com<mailto:jr.aqu...@citrixonline.com>
>>> http://www.citrixonline.com<http://www.citrixonline.com/>
>>> 
>>> "Keeping your head in the cloud"
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>> Jr Aquino | Sr. Information Security Specialist
>>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester
>>> GCIH | GIAC Certified Incident Handler
>>> GWAPT | GIAC WebApp Penetration Tester
>>> 
>>> Citrix Online | 7408 Hollister Avenue | Goleta, CA 
>>> 93117<x-apple-data-detectors://0/0>
>>> T:  +1 805.690.3478<tel:+1%C2%A0805.690.3478>
>>> C: +1 805.717.0365<tel:+1%20805.717.0365>
>>> jr.aqu...@citrix.com<mailto:jr.aqu...@citrixonline.com>
>>> http://www.citrixonline.com<http://www.citrixonline.com/>
>>> 
>>> 
>>> 
>>> Thanks,
>>> _____________________________________________________
>>> John Moyer
>>> 
>>> 
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com>
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> 
>> 
> 


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to