On Apr 30, 2013, at 11:02 AM, John Moyer <[email protected]> wrote:
> It comes back with a ton of stuff the row you are probably interested in is > this one: > > enrolledby: uid=build,cn=users,cn=accounts,dc=example,dc=com Bingo! Ok, try to adjust your automember rule. Delete your previous inclusive regex, and replace it with uid=build,cn=users,cn=accounts,dc=example,dc=com See if that does the trick > Thanks, > _____________________________________________________ > John Moyer > > > On Apr 30, 2013, at 1:57 PM, JR Aquino <[email protected]> wrote: > >> On Apr 30, 2013, at 10:52 AM, John Moyer <[email protected]> >> wrote: >> >>> Not a problem, here is the output >>> >>> ipa automember-find --type=hostgroup >>> --------------- >>> 1 rules matched >>> --------------- >>> Automember Rule: test-group >>> Inclusive Regex: enrolledby=build >>> ---------------------------- >>> Number of entries returned 1 >>> ---------------------------- >>> >> >> interesting. >> >> When you do an: ipa host-show test-hostname.example.com --all --raw >> >> Does it clearly show that enrolledby=build? >> >>> >>> >>> Thanks, >>> _____________________________________________________ >>> John Moyer >>> >>> >>> On Apr 30, 2013, at 1:48 PM, JR Aquino <[email protected]> wrote: >>> >>>> On Apr 30, 2013, at 10:43 AM, John Moyer <[email protected]> >>>> wrote: >>>> >>>>> One thing to add is that this build user only has the following access: >>>>> >>>>> Host Administrators >>>>> Host enrollment >>>>> >>>>> Would he need more access to do the membership? My original thought was >>>>> that technically the user is not doing the addition to the group it's the >>>>> system technically doing it so there shouldn't be a permissions issue. >>>>> >>>> >>>> The user's roles shouldn't really matter to the best of my knowledge >>>> (Nathan Kinder may need to refresh my memory), but the 389 plugin, should >>>> be catching the insertion of the new object, then match the >>>> watched-attribute, and execute the hostgroup assignment based upon the >>>> rights of the plugin rather than that of the user. >>>> >>>> Would it be possible to ask you to do an automember-find --type=hostgroup >>>> on the CLI and send it back to the thread? >>>> >>>> If we are missing something or if we have any bugs in there, we need to >>>> get them identified and fixed. >>>> >>>> >>>>> Thanks, >>>>> _____________________________________________________ >>>>> John Moyer >>>>> On Apr 30, 2013, at 1:21 PM, JR Aquino <[email protected]> wrote: >>>>> >>>>>> >>>>>> On Apr 30, 2013, at 9:30 AM, John Moyer >>>>>> <[email protected]<mailto:[email protected]>> >>>>>> wrote: >>>>>> >>>>>> Anyone have any suggestions to using the auto member function in IPA? >>>>>> I've tried to set it up so if a server is enrolled by a user called >>>>>> "build" then it should add it to a specific server group. I put in an >>>>>> inclusive rule and the expression is just "build", but it doesn't work. >>>>>> Do I need to specify more than just build in the expression area? >>>>>> >>>>>> >>>>>> That -should- be enough to catch new hosts that are built by the 'build' >>>>>> user. >>>>>> >>>>>> Can you verify that the Attribute you are matching on is: "enrolledby" ? >>>>>> >>>>>> >>>>>> "Keeping your head in the cloud" >>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>>>>> Jr Aquino | Sr. Information Security Specialist >>>>>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester >>>>>> GCIH | GIAC Certified Incident Handler >>>>>> GWAPT | GIAC WebApp Penetration Tester >>>>>> >>>>>> Citrix Online | 7408 Hollister Avenue | Goleta, CA >>>>>> 93117<x-apple-data-detectors://0/0> >>>>>> T: +1 805.690.3478<tel:+1%C2%A0805.690.3478> >>>>>> C: +1 805.717.0365<tel:+1%20805.717.0365> >>>>>> [email protected]<mailto:[email protected]> >>>>>> http://www.citrixonline.com<http://www.citrixonline.com/> >>>>>> >>>>>> "Keeping your head in the cloud" >>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>>>>> Jr Aquino | Sr. Information Security Specialist >>>>>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester >>>>>> GCIH | GIAC Certified Incident Handler >>>>>> GWAPT | GIAC WebApp Penetration Tester >>>>>> >>>>>> Citrix Online | 7408 Hollister Avenue | Goleta, CA >>>>>> 93117<x-apple-data-detectors://0/0> >>>>>> T: +1 805.690.3478<tel:+1%C2%A0805.690.3478> >>>>>> C: +1 805.717.0365<tel:+1%20805.717.0365> >>>>>> [email protected]<mailto:[email protected]> >>>>>> http://www.citrixonline.com<http://www.citrixonline.com/> >>>>>> >>>>>> >>>>>> >>>>>> Thanks, >>>>>> _____________________________________________________ >>>>>> John Moyer >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Freeipa-users mailing list >>>>>> [email protected]<mailto:[email protected]> >>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>>>> >>>>> >>>> >>> >> > _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
