On Apr 30, 2013, at 10:52 AM, John Moyer <[email protected]> wrote:
> Not a problem, here is the output
>
> ipa automember-find --type=hostgroup
> ---------------
> 1 rules matched
> ---------------
>   Automember Rule: test-group
>   Inclusive Regex: enrolledby=build
> ----------------------------
> Number of entries returned 1
> ----------------------------
>

interesting. When you do an:

ipa host-show test-hostname.example.com --all --raw

Does it clearly show that enrolledby=build?

>
>
> Thanks,
> _____________________________________________________
> John Moyer
>
>
> On Apr 30, 2013, at 1:48 PM, JR Aquino <[email protected]> wrote:
>
>> On Apr 30, 2013, at 10:43 AM, John Moyer <[email protected]>
>> wrote:
>>
>>> One thing to add is that this build user only has the following access:
>>>
>>> Host Administrators
>>> Host enrollment
>>>
>>> Would he need more access to do the membership? My original thought was
>>> that technically the user is not doing the addition to the group it's the
>>> system technically doing it so there shouldn't be a permissions issue.
>>>
>>
>> The user's roles shouldn't really matter to the best of my knowledge (Nathan
>> Kinder may need to refresh my memory), but the 389 plugin, should be
>> catching the insertion of the new object, then match the watched-attribute,
>> and execute the hostgroup assignment based upon the rights of the plugin
>> rather than that of the user.
>>
>> Would it be possible to ask you to do an automember-find --type=hostgroup on
>> the CLI and send it back to the thread?
>>
>> If we are missing something or if we have any bugs in there, we need to get
>> them identified and fixed.
>>
>>
>>> Thanks,
>>> _____________________________________________________
>>> John Moyer
>>> On Apr 30, 2013, at 1:21 PM, JR Aquino <[email protected]> wrote:
>>>
>>>>
>>>> On Apr 30, 2013, at 9:30 AM, John Moyer <[email protected]>
>>>> wrote:
>>>>
>>>> Anyone have any suggestions to using the auto member function in IPA?
>>>> I've tried to set it up so if a server is enrolled by a user called
>>>> "build" then it should add it to a specific server group. I put in an
>>>> inclusive rule and the expression is just "build", but it doesn't work.
>>>> Do I need to specify more than just build in the expression area?
>>>>
>>>>
>>>> That -should- be enough to catch new hosts that are built by the 'build'
>>>> user.
>>>>
>>>> Can you verify that the Attribute you are matching on is: "enrolledby" ?
>>>>
>>>>
>>>> "Keeping your head in the cloud"
>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>> Jr Aquino | Sr. Information Security Specialist
>>>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester
>>>> GCIH | GIAC Certified Incident Handler
>>>> GWAPT | GIAC WebApp Penetration Tester
>>>>
>>>> Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
>>>> T: +1 805.690.3478
>>>> C: +1 805.717.0365
>>>> [email protected]
>>>> http://www.citrixonline.com
>>>>
>>>>
>>>>
>>>> Thanks,
>>>> _____________________________________________________
>>>> John Moyer
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeipa-users mailing list
>>>> [email protected]
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>
>>>
>>
>
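
Added example, not part of the original thread and not the 389 plugin's or FreeIPA's code: a simplified Python model of the rule evaluation described in the thread, showing why the `ipa host-show ... --all --raw` check matters (the rule can only fire if `enrolledby` is on the entry when it is evaluated). The host entries are constructed, the DN form of the `enrolledby` value and the use of Python `re` semantics are assumptions, and the exclusive-rule handling goes beyond the single inclusive rule shown in the thread.

```python
import re

def parse_rule(rule):
    """Split an automember rule of the form 'attr=regex' into (attr, compiled regex)."""
    attr, sep, pattern = rule.partition("=")
    if not sep or not attr or not pattern:
        raise ValueError(f"expected attr=regex, got {rule!r}")
    return attr.lower(), re.compile(pattern)

def matches(entry, rules):
    """True if any value of a rule's attribute on the entry matches that rule's regex."""
    for attr, pattern in map(parse_rule, rules):
        if any(pattern.search(value) for value in entry.get(attr, [])):
            return True
    return False

def target_groups(entry, definitions):
    """Groups the entry would be assigned to at add time.

    Exclusive rules are checked first and win over inclusive ones.
    """
    groups = []
    for definition in definitions:
        if matches(entry, definition.get("exclusive", [])):
            continue
        if matches(entry, definition.get("inclusive", [])):
            groups.append(definition["group"])
    return groups

# Rule taken from the automember-find output in the thread.
DEFINITIONS = [{"group": "test-group", "inclusive": ["enrolledby=build"]}]

# Constructed host entries (attribute names lower-cased, values as lists).
# The DN form of enrolledby is an assumption about what --all --raw shows.
HOST_WITH_ENROLLEDBY = {
    "fqdn": ["test-hostname.example.com"],
    "enrolledby": ["uid=build,cn=users,cn=accounts,dc=example,dc=com"],
}
# Same host, but the attribute is absent when the rule is evaluated.
HOST_WITHOUT_ENROLLEDBY = {"fqdn": ["test-hostname.example.com"]}

if __name__ == "__main__":
    for label, entry in [("with enrolledby", HOST_WITH_ENROLLEDBY),
                         ("without enrolledby", HOST_WITHOUT_ENROLLEDBY)]:
        print(label, "->", target_groups(entry, DEFINITIONS))
```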
