On 04/30/2013 10:48 AM, JR Aquino wrote:
On Apr 30, 2013, at 10:43 AM, John Moyer <[email protected]> wrote:
One thing to add is that this build user only has the following access:
Host Administrators
Host enrollment
Would he need more access to do the membership? My original thought was that
technically the user is not doing the addition to the group; it's the system
technically doing it, so there shouldn't be a permissions issue.
The user's roles shouldn't really matter to the best of my knowledge (Nathan
Kinder may need to refresh my memory), but the 389 plugin should be catching
the insertion of the new object, then match the watched-attribute, and execute
the hostgroup assignment based upon the rights of the plugin rather than that
of the user.
This is correct. The user doesn't matter, as the operation that deals
with the group membership is done internally by the AutoMember plug-in.
Would it be possible to ask you to do an automember-find --type=hostgroup on
the CLI and send it back to the thread?
If we are missing something or if we have any bugs in there, we need to get
them identified and fixed.
Thanks,
_____________________________________________________
John Moyer
On Apr 30, 2013, at 1:21 PM, JR Aquino <[email protected]> wrote:
On Apr 30, 2013, at 9:30 AM, John Moyer <[email protected]> wrote:
Anyone have any suggestions for using the auto member function in IPA? I've tried to set it up so
if a server is enrolled by a user called "build" then it should add it to a specific
server group. I put in an inclusive rule and the expression is just "build", but it
doesn't work. Do I need to specify more than just build in the expression area?
That -should- be enough to catch new hosts that are built by the 'build' user.
Can you verify that the Attribute you are matching on is: "enrolledby" ?
"Keeping your head in the cloud"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jr Aquino | Sr. Information Security Specialist
GXPN | GIAC Exploit Researcher and Advanced Penetration Tester
GCIH | GIAC Certified Incident Handler
GWAPT | GIAC WebApp Penetration Tester
Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
T: +1 805.690.3478
C: +1 805.717.0365
[email protected]
http://www.citrixonline.com
Thanks,
_____________________________________________________
John Moyer
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
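The rule evaluation discussed in this thread (an inclusive expression "build" matched against the enrolledby attribute of a newly added host), modelled as an added example that is not part of the original messages and not FreeIPA or 389 DS code. It assumes enrolledby holds the enrolling user's DN; the suffix, host names, user names and group DN are constructed, and Python's `re` stands in for the server's regex engine.

```python
import re

# Constructed data: suffix, user names, host names and group DN are made up.
USERS = "cn=users,cn=accounts,dc=example,dc=com"
GROUP = "cn=buildservers,cn=hostgroups,cn=accounts,dc=example,dc=com"

# Conditions use the "attr=regex" form of the 389 DS automember attributes
# autoMemberInclusiveRegex / autoMemberExclusiveRegex.
LOOSE_RULE = {"group": GROUP, "inclusive": ["enrolledby=build"], "exclusive": []}
ANCHORED_RULE = {"group": GROUP, "inclusive": ["enrolledby=^uid=build,"], "exclusive": []}

# Host entries as they would look at ADD time (assumption: enrolledby is a DN).
HOST_BY_BUILD = {"fqdn": ["web1.example.com"], "enrolledby": ["uid=build," + USERS]}
HOST_BY_REBUILDER = {"fqdn": ["web2.example.com"], "enrolledby": ["uid=rebuilder," + USERS]}
HOST_WITHOUT_ATTR = {"fqdn": ["web3.example.com"]}


def condition_matches(conditions, entry):
    """True if any 'attr=regex' condition matches a value of that attribute."""
    for condition in conditions:
        attr, regex = condition.split("=", 1)
        for value in entry.get(attr.lower(), []):
            # Unanchored search: Python's re stands in for the server's regex engine.
            if re.search(regex, value):
                return True
    return False


def automember_groups(entry, rules):
    """Groups a newly added entry lands in; an exclusive match overrides inclusive."""
    groups = []
    for rule in rules:
        if condition_matches(rule["exclusive"], entry):
            continue
        if condition_matches(rule["inclusive"], entry):
            groups.append(rule["group"])
    return groups


if __name__ == "__main__":
    for name, host in [("build", HOST_BY_BUILD), ("rebuilder", HOST_BY_REBUILDER),
                       ("no enrolledby", HOST_WITHOUT_ATTR)]:
        print(name, "loose:", automember_groups(host, [LOOSE_RULE]),
              "anchored:", automember_groups(host, [ANCHORED_RULE]))
```

The unanchored `build` also matches the constructed `uid=rebuilder` enroller, so anchoring the expression to the full RDN keeps unrelated hosts out of the hostgroup; a host entry that carries no enrolledby value when it is added matches neither form.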