Ha! I tried .*build and build.* before contacting you guys, I didn't try .*build.*
That worked, it automatically added the machine to the group! Thanks!!!!! That will save me soooo much time!

Thanks,
_____________________________________________________
John Moyer

On Apr 30, 2013, at 2:17 PM, JR Aquino <[email protected]> wrote:

> On Apr 30, 2013, at 11:12 AM, John Moyer <[email protected]>
> wrote:
>
>> I tried adding it in addition to the current rule and that didn't work. I
>> then deleted the old rule to only leave the rule with the full name
>> (uid=build,cn=users,cn=accounts,dc=example,dc=com) and that didn't work
>> either.
>>
>> This is the new output of that command you had me run earlier:
>>
>> ipa automember-find --type=hostgroup
>> ---------------
>> 1 rules matched
>> ---------------
>> Automember Rule: test-group
>> Inclusive Regex: enrolledby=uid=build,cn=users,cn=accounts,dc=example,dc=com
>> ----------------------------
>> Number of entries returned 1
>> ----------------------------
>>
>
> Interesting.
>
> What about if you just do something silly like: ".*build.*"
>
> Nathan... I believe the plugin is set to expect string values... how does it
> handle a DN such as the enrolled by above?
>
>>
>> Thanks,
>> _____________________________________________________
>> John Moyer
>>
>>
>> On Apr 30, 2013, at 2:07 PM, JR Aquino <[email protected]> wrote:
>>
>>> On Apr 30, 2013, at 11:02 AM, John Moyer <[email protected]>
>>> wrote:
>>>
>>>> It comes back with a ton of stuff the row you are probably interested in
>>>> is this one:
>>>>
>>>> enrolledby: uid=build,cn=users,cn=accounts,dc=example,dc=com
>>>
>>> Bingo!
>>>
>>> Ok, try to adjust your automember rule.
>>>
>>> Delete your previous inclusive regex, and replace it with
>>> uid=build,cn=users,cn=accounts,dc=example,dc=com
>>>
>>> See if that does the trick
>>>
>>>> Thanks,
>>>> _____________________________________________________
>>>> John Moyer
>>>>
>>>>
>>>> On Apr 30, 2013, at 1:57 PM, JR Aquino <[email protected]> wrote:
>>>>
>>>>> On Apr 30, 2013, at 10:52 AM, John Moyer <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Not a problem, here is the output
>>>>>>
>>>>>> ipa automember-find --type=hostgroup
>>>>>> ---------------
>>>>>> 1 rules matched
>>>>>> ---------------
>>>>>> Automember Rule: test-group
>>>>>> Inclusive Regex: enrolledby=build
>>>>>> ----------------------------
>>>>>> Number of entries returned 1
>>>>>> ----------------------------
>>>>>>
>>>>>
>>>>> interesting.
>>>>>
>>>>> When you do an: ipa host-show test-hostname.example.com --all --raw
>>>>>
>>>>> Does it clearly show that enrolledby=build?
>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> _____________________________________________________
>>>>>> John Moyer
>>>>>>
>>>>>>
>>>>>> On Apr 30, 2013, at 1:48 PM, JR Aquino <[email protected]> wrote:
>>>>>>
>>>>>>> On Apr 30, 2013, at 10:43 AM, John Moyer
>>>>>>> <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> One thing to add is that this build user only has the following
>>>>>>>> access:
>>>>>>>>
>>>>>>>> Host Administrators
>>>>>>>> Host enrollment
>>>>>>>>
>>>>>>>> Would he need more access to do the membership? My original thought
>>>>>>>> was that technically the user is not doing the addition to the group
>>>>>>>> it's the system technically doing it so there shouldn't be a
>>>>>>>> permissions issue.
>>>>>>>>
>>>>>>>
>>>>>>> The user's roles shouldn't really matter to the best of my knowledge
>>>>>>> (Nathan Kinder may need to refresh my memory), but the 389 plugin,
>>>>>>> should be catching the insertion of the new object, then match the
>>>>>>> watched-attribute, and execute the hostgroup assignment based upon the
>>>>>>> rights of the plugin rather than that of the user.
>>>>>>>
>>>>>>> Would it be possible to ask you to do an automember-find
>>>>>>> --type=hostgroup on the CLI and send it back to the thread?
>>>>>>>
>>>>>>> If we are missing something or if we have any bugs in there, we need to
>>>>>>> get them identified and fixed.
>>>>>>>
>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> _____________________________________________________
>>>>>>>> John Moyer
>>>>>>>>
>>>>>>>> On Apr 30, 2013, at 1:21 PM, JR Aquino <[email protected]> wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Apr 30, 2013, at 9:30 AM, John Moyer
>>>>>>>>> <[email protected]>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Anyone have any suggestions to using the auto member function in IPA?
>>>>>>>>> I've tried to set it up so if a server is enrolled by a user called
>>>>>>>>> "build" then it should add it to a specific server group. I put in
>>>>>>>>> an inclusive rule and the expression is just "build", but it doesn't
>>>>>>>>> work. Do I need to specify more than just build in the expression
>>>>>>>>> area?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> That -should- be enough to catch new hosts that are built by the
>>>>>>>>> 'build' user.
>>>>>>>>>
>>>>>>>>> Can you verify that the Attribute you are matching on is:
>>>>>>>>> "enrolledby" ?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> "Keeping your head in the cloud"
>>>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>>>>>> Jr Aquino | Sr. Information Security Specialist
>>>>>>>>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester
>>>>>>>>> GCIH | GIAC Certified Incident Handler
>>>>>>>>> GWAPT | GIAC WebApp Penetration Tester
>>>>>>>>>
>>>>>>>>> Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
>>>>>>>>> T: +1 805.690.3478
>>>>>>>>> C: +1 805.717.0365
>>>>>>>>> [email protected]
>>>>>>>>> http://www.citrixonline.com
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> _____________________________________________________
>>>>>>>>> John Moyer
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Freeipa-users mailing list
>>>>>>>>> [email protected]
>>>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
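
The rule that worked in this thread, `.*build.*`, accepts any enrolledby value that contains "build", so it can also select hosts enrolled by other accounts. As an added example (not part of the original thread or of FreeIPA), this audit lists which hosts such a rule selects and which of them were not enrolled by the intended DN; the host records are constructed, the function names are hypothetical, and Python's `re` is assumed to stand in for the plugin's regex engine.

```python
import re

# Rule that worked in the thread, and the enrolling DN John intended to match.
RULE = r".*build.*"
INTENDED_DN = "uid=build,cn=users,cn=accounts,dc=example,dc=com"

# Constructed sample: excerpts in the `ipa host-show <host> --all --raw` layout.
SAMPLE = """\
  fqdn: web01.example.com
  enrolledby: uid=build,cn=users,cn=accounts,dc=example,dc=com
  fqdn: db01.example.com
  enrolledby: uid=admin,cn=users,cn=accounts,dc=example,dc=com
  fqdn: ci01.example.com
  enrolledby: uid=rebuild-bot,cn=users,cn=accounts,dc=example,dc=com
  fqdn: lab01.example.com
  enrolledby: uid=builder,cn=users,cn=accounts,dc=example,dc=com
"""


def parse_hosts(text):
    """Return {fqdn: enrolledby DN} from raw 'attribute: value' lines."""
    hosts, fqdn = {}, None
    for line in text.splitlines():
        attr, sep, value = line.strip().partition(": ")
        if not sep:
            continue
        if attr == "fqdn":
            fqdn = value
        elif attr == "enrolledby" and fqdn:
            hosts[fqdn] = value
    return hosts


def audit(text, rule=RULE, intended=INTENDED_DN):
    """Split the hosts the rule selects into (expected, unexpected)."""
    pattern = re.compile(rule)
    expected, unexpected = [], []
    for fqdn, dn in parse_hosts(text).items():
        # Assumption: Python's re stands in for the plugin's regex engine.
        if not pattern.search(dn):
            continue
        # Compare the whole DN, ignoring case, against the intended enroller.
        same = dn.lower() == intended.lower()
        (expected if same else unexpected).append(fqdn)
    return expected, unexpected


if __name__ == "__main__":
    ok, review = audit(SAMPLE)
    print("expected members:", ok)
    print("review before trusting group membership:", review)
```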
