It comes back with a ton of stuff the row you are probably interested in is this one:
enrolledby: uid=build,cn=users,cn=accounts,dc=example,dc=com Thanks, _____________________________________________________ John Moyer On Apr 30, 2013, at 1:57 PM, JR Aquino <[email protected]> wrote: > On Apr 30, 2013, at 10:52 AM, John Moyer <[email protected]> > wrote: > >> Not a problem, here is the output >> >> ipa automember-find --type=hostgroup >> --------------- >> 1 rules matched >> --------------- >> Automember Rule: test-group >> Inclusive Regex: enrolledby=build >> ---------------------------- >> Number of entries returned 1 >> ---------------------------- >> > > interesting. > > When you do an: ipa host-show test-hostname.example.com --all --raw > > Does it clearly show that enrolledby=build? > >> >> >> Thanks, >> _____________________________________________________ >> John Moyer >> >> >> On Apr 30, 2013, at 1:48 PM, JR Aquino <[email protected]> wrote: >> >>> On Apr 30, 2013, at 10:43 AM, John Moyer <[email protected]> >>> wrote: >>> >>>> One thing to add is that this build user only has the following access: >>>> >>>> Host Administrators >>>> Host enrollment >>>> >>>> Would he need more access to do the membership? My original thought was >>>> that technically the user is not doing the addition to the group it's the >>>> system technically doing it so there shouldn't be a permissions issue. >>>> >>> >>> The user's roles shouldn't really matter to the best of my knowledge >>> (Nathan Kinder may need to refresh my memory), but the 389 plugin, should >>> be catching the insertion of the new object, then match the >>> watched-attribute, and execute the hostgroup assignment based upon the >>> rights of the plugin rather than that of the user. >>> >>> Would it be possible to ask you to do an automember-find --type=hostgroup >>> on the CLI and send it back to the thread? >>> >>> If we are missing something or if we have any bugs in there, we need to get >>> them identified and fixed. >>> >>> >>>> Thanks, >>>> _____________________________________________________ >>>> John Moyer >>>> On Apr 30, 2013, at 1:21 PM, JR Aquino <[email protected]> wrote: >>>> >>>>> >>>>> On Apr 30, 2013, at 9:30 AM, John Moyer >>>>> <[email protected]<mailto:[email protected]>> >>>>> wrote: >>>>> >>>>> Anyone have any suggestions to using the auto member function in IPA? >>>>> I've tried to set it up so if a server is enrolled by a user called >>>>> "build" then it should add it to a specific server group. I put in an >>>>> inclusive rule and the expression is just "build", but it doesn't work. >>>>> Do I need to specify more than just build in the expression area? >>>>> >>>>> >>>>> That -should- be enough to catch new hosts that are built by the 'build' >>>>> user. >>>>> >>>>> Can you verify that the Attribute you are matching on is: "enrolledby" ? >>>>> >>>>> >>>>> "Keeping your head in the cloud" >>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>>>> Jr Aquino | Sr. Information Security Specialist >>>>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester >>>>> GCIH | GIAC Certified Incident Handler >>>>> GWAPT | GIAC WebApp Penetration Tester >>>>> >>>>> Citrix Online | 7408 Hollister Avenue | Goleta, CA >>>>> 93117<x-apple-data-detectors://0/0> >>>>> T: +1 805.690.3478<tel:+1%C2%A0805.690.3478> >>>>> C: +1 805.717.0365<tel:+1%20805.717.0365> >>>>> [email protected]<mailto:[email protected]> >>>>> http://www.citrixonline.com<http://www.citrixonline.com/> >>>>> >>>>> "Keeping your head in the cloud" >>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>>>> Jr Aquino | Sr. Information Security Specialist >>>>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester >>>>> GCIH | GIAC Certified Incident Handler >>>>> GWAPT | GIAC WebApp Penetration Tester >>>>> >>>>> Citrix Online | 7408 Hollister Avenue | Goleta, CA >>>>> 93117<x-apple-data-detectors://0/0> >>>>> T: +1 805.690.3478<tel:+1%C2%A0805.690.3478> >>>>> C: +1 805.717.0365<tel:+1%20805.717.0365> >>>>> [email protected]<mailto:[email protected]> >>>>> http://www.citrixonline.com<http://www.citrixonline.com/> >>>>> >>>>> >>>>> >>>>> Thanks, >>>>> _____________________________________________________ >>>>> John Moyer >>>>> >>>>> >>>>> _______________________________________________ >>>>> Freeipa-users mailing list >>>>> [email protected]<mailto:[email protected]> >>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>>> >>>> >>> >> > _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
