Ha!  I tried .*build and build.* before contacting you guys, I didn't try 
.*build.* 

That worked, it automatically added the machine to the group! 

Thanks!!!!!  That will save me soooo much time! 


Thanks, 
_____________________________________________________
John Moyer


On Apr 30, 2013, at 2:17 PM, JR Aquino <jr.aqu...@citrix.com> wrote:

> On Apr 30, 2013, at 11:12 AM, John Moyer <john.mo...@digitalreasoning.com>
> wrote:
> 
>> I tried adding it in addition to the current rule and that didn't work.  I 
>> then deleted the old rule to only leave the rule with the full name 
>> (uid=build,cn=users,cn=accounts,dc=example,dc=com) and that didn't work 
>> either.
>> 
>> This is the new output of that command you had me run earlier: 
>> 
>> ipa automember-find --type=hostgroup
>> ---------------
>> 1 rules matched
>> ---------------
>> Automember Rule: test-group
>> Inclusive Regex: enrolledby=uid=build,cn=users,cn=accounts,dc=example,dc=com
>> ----------------------------
>> Number of entries returned 1
>> ----------------------------
>> 
> 
> Interesting.
> 
> What about if you just do something silly like: ".*build.*"
> 
> Nathan... I believe the plugin is set to expect string values... how does it 
> handle a DN such as the enrolled by above?
> 
>> 
>> 
>> Thanks, 
>> _____________________________________________________
>> John Moyer
>> 
>> 
>> On Apr 30, 2013, at 2:07 PM, JR Aquino <jr.aqu...@citrix.com> wrote:
>> 
>>> On Apr 30, 2013, at 11:02 AM, John Moyer <john.mo...@digitalreasoning.com>
>>> wrote:
>>> 
>>>> It comes back with a ton of stuff the row you are probably interested in 
>>>> is this one: 
>>>> 
>>>> enrolledby: uid=build,cn=users,cn=accounts,dc=example,dc=com
>>> 
>>> Bingo!
>>> 
>>> Ok, try to adjust your automember rule.
>>> 
>>> Delete your previous inclusive regex, and replace it with 
>>> uid=build,cn=users,cn=accounts,dc=example,dc=com
>>> 
>>> See if that does the trick
>>> 
>>>> Thanks, 
>>>> _____________________________________________________
>>>> John Moyer
>>>> 
>>>> 
>>>> On Apr 30, 2013, at 1:57 PM, JR Aquino <jr.aqu...@citrix.com> wrote:
>>>> 
>>>>> On Apr 30, 2013, at 10:52 AM, John Moyer <john.mo...@digitalreasoning.com>
>>>>> wrote:
>>>>> 
>>>>>> Not a problem, here is the output
>>>>>> 
>>>>>> ipa automember-find --type=hostgroup
>>>>>> ---------------
>>>>>> 1 rules matched
>>>>>> ---------------
>>>>>> Automember Rule: test-group
>>>>>> Inclusive Regex: enrolledby=build
>>>>>> ----------------------------
>>>>>> Number of entries returned 1
>>>>>> ----------------------------
>>>>>> 
>>>>> 
>>>>> interesting.
>>>>> 
>>>>> When you do an: ipa host-show test-hostname.example.com --all --raw
>>>>> 
>>>>> Does it clearly show that enrolledby=build?
>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Thanks, 
>>>>>> _____________________________________________________
>>>>>> John Moyer
>>>>>> 
>>>>>> 
>>>>>> On Apr 30, 2013, at 1:48 PM, JR Aquino <jr.aqu...@citrix.com> wrote:
>>>>>> 
>>>>>>> On Apr 30, 2013, at 10:43 AM, John Moyer 
>>>>>>> <john.mo...@digitalreasoning.com>
>>>>>>> wrote:
>>>>>>> 
>>>>>>>> One thing to add is that this build user only has the following 
>>>>>>>> access: 
>>>>>>>> 
>>>>>>>> Host Administrators
>>>>>>>> Host enrollment 
>>>>>>>> 
>>>>>>>> Would he need more access to do the membership?  My original thought 
>>>>>>>> was that technically the user is not doing the addition to the group 
>>>>>>>> it's the system technically doing it so there shouldn't be a 
>>>>>>>> permissions issue. 
>>>>>>>> 
>>>>>>> 
>>>>>>> The user's roles shouldn't really matter to the best of my knowledge 
>>>>>>> (Nathan Kinder may need to refresh my memory), but the 389 plugin, 
>>>>>>> should be catching the insertion of the new object, then match the 
>>>>>>> watched-attribute, and execute the hostgroup assignment based upon the 
>>>>>>> rights of the plugin rather than that of the user.
>>>>>>> 
>>>>>>> Would it be possible to ask you to do an automember-find 
>>>>>>> --type=hostgroup on the CLI and send it back to the thread?
>>>>>>> 
>>>>>>> If we are missing something or if we have any bugs in there, we need to 
>>>>>>> get them identified and fixed.
>>>>>>> 
>>>>>>> 
>>>>>>>> Thanks, 
>>>>>>>> _____________________________________________________
>>>>>>>> John Moyer
>>>>>>>> On Apr 30, 2013, at 1:21 PM, JR Aquino <jr.aqu...@citrix.com> wrote:
>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> On Apr 30, 2013, at 9:30 AM, John Moyer 
>>>>>>>>> <john.mo...@digitalreasoning.com<mailto:john.mo...@digitalreasoning.com>>
>>>>>>>>>  wrote:
>>>>>>>>> 
>>>>>>>>> Anyone have any suggestions to using the auto member function in IPA? 
>>>>>>>>>  I've tried to set it up so if a server is enrolled by a user called 
>>>>>>>>> "build" then it should add it to a specific server group.   I put in 
>>>>>>>>> an inclusive rule and the expression is just "build", but it doesn't 
>>>>>>>>> work.  Do I need to specify more than just build in the expression 
>>>>>>>>> area?
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> That -should- be enough to catch new hosts that are built by the 
>>>>>>>>> 'build' user.
>>>>>>>>> 
>>>>>>>>> Can you verify that the Attribute you are matching on is: 
>>>>>>>>> "enrolledby" ?
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> "Keeping your head in the cloud"
>>>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>>>>>> Jr Aquino | Sr. Information Security Specialist
>>>>>>>>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester
>>>>>>>>> GCIH | GIAC Certified Incident Handler
>>>>>>>>> GWAPT | GIAC WebApp Penetration Tester
>>>>>>>>> 
>>>>>>>>> Citrix Online | 7408 Hollister Avenue | Goleta, CA 
>>>>>>>>> 93117<x-apple-data-detectors://0/0>
>>>>>>>>> T:  +1 805.690.3478<tel:+1%C2%A0805.690.3478>
>>>>>>>>> C: +1 805.717.0365<tel:+1%20805.717.0365>
>>>>>>>>> jr.aqu...@citrix.com<mailto:jr.aqu...@citrixonline.com>
>>>>>>>>> http://www.citrixonline.com<http://www.citrixonline.com/>
>>>>>>>>> 
>>>>>>>>> "Keeping your head in the cloud"
>>>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>>>>>> Jr Aquino | Sr. Information Security Specialist
>>>>>>>>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester
>>>>>>>>> GCIH | GIAC Certified Incident Handler
>>>>>>>>> GWAPT | GIAC WebApp Penetration Tester
>>>>>>>>> 
>>>>>>>>> Citrix Online | 7408 Hollister Avenue | Goleta, CA 
>>>>>>>>> 93117<x-apple-data-detectors://0/0>
>>>>>>>>> T:  +1 805.690.3478<tel:+1%C2%A0805.690.3478>
>>>>>>>>> C: +1 805.717.0365<tel:+1%20805.717.0365>
>>>>>>>>> jr.aqu...@citrix.com<mailto:jr.aqu...@citrixonline.com>
>>>>>>>>> http://www.citrixonline.com<http://www.citrixonline.com/>
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> Thanks,
>>>>>>>>> _____________________________________________________
>>>>>>>>> John Moyer
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> _______________________________________________
>>>>>>>>> Freeipa-users mailing list
>>>>>>>>> Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com>
>>>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>>>>> 
>>>>>>>> 
>>>>>>> 
>>>>>> 
>>>>> 
>>>> 
>>> 
>> 
> 


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to