So I must have looked at the wrong server name, I just tried to add 4 more 
servers and none of them worked.   Anymore ideas?   The target is specified by 
the rule name test-group is the target.  

Thanks, 
_____________________________________________________
John Moyer


On Apr 30, 2013, at 2:25 PM, Dmitri Pal <d...@redhat.com> wrote:

> On 04/30/2013 02:17 PM, JR Aquino wrote:
>> On Apr 30, 2013, at 11:12 AM, John Moyer <john.mo...@digitalreasoning.com>
>> wrote:
>> 
>>> I tried adding it in addition to the current rule and that didn't work.  I 
>>> then deleted the old rule to only leave the rule with the full name 
>>> (uid=build,cn=users,cn=accounts,dc=example,dc=com) and that didn't work 
>>> either.
>>> 
>>> This is the new output of that command you had me run earlier: 
>>> 
>>> ipa automember-find --type=hostgroup
>>> ---------------
>>> 1 rules matched
>>> ---------------
>>> Automember Rule: test-group
>>> Inclusive Regex: enrolledby=uid=build,cn=users,cn=accounts,dc=example,dc=com
>>> ----------------------------
>>> Number of entries returned 1
>>> ----------------------------
>>> 
>> Interesting.
>> 
>> What about if you just do something silly like: ".*build.*"
>> 
>> Nathan... I believe the plugin is set to expect string values... how does it 
>> handle a DN such as the enrolled by above?
> 
> 
> Don't you need to specify target group?
> It might be that the filter is working but it is not placing it anywhere
> because nothing is specifying where to place it.
> 
> 
>> 
>>> 
>>> Thanks, 
>>> _____________________________________________________
>>> John Moyer
>>> 
>>> 
>>> On Apr 30, 2013, at 2:07 PM, JR Aquino <jr.aqu...@citrix.com> wrote:
>>> 
>>>> On Apr 30, 2013, at 11:02 AM, John Moyer <john.mo...@digitalreasoning.com>
>>>> wrote:
>>>> 
>>>>> It comes back with a ton of stuff the row you are probably interested in 
>>>>> is this one: 
>>>>> 
>>>>> enrolledby: uid=build,cn=users,cn=accounts,dc=example,dc=com
>>>> Bingo!
>>>> 
>>>> Ok, try to adjust your automember rule.
>>>> 
>>>> Delete your previous inclusive regex, and replace it with 
>>>> uid=build,cn=users,cn=accounts,dc=example,dc=com
>>>> 
>>>> See if that does the trick
>>>> 
>>>>> Thanks, 
>>>>> _____________________________________________________
>>>>> John Moyer
>>>>> 
>>>>> 
>>>>> On Apr 30, 2013, at 1:57 PM, JR Aquino <jr.aqu...@citrix.com> wrote:
>>>>> 
>>>>>> On Apr 30, 2013, at 10:52 AM, John Moyer 
>>>>>> <john.mo...@digitalreasoning.com>
>>>>>> wrote:
>>>>>> 
>>>>>>> Not a problem, here is the output
>>>>>>> 
>>>>>>> ipa automember-find --type=hostgroup
>>>>>>> ---------------
>>>>>>> 1 rules matched
>>>>>>> ---------------
>>>>>>> Automember Rule: test-group
>>>>>>> Inclusive Regex: enrolledby=build
>>>>>>> ----------------------------
>>>>>>> Number of entries returned 1
>>>>>>> ----------------------------
>>>>>>> 
>>>>>> interesting.
>>>>>> 
>>>>>> When you do an: ipa host-show test-hostname.example.com --all --raw
>>>>>> 
>>>>>> Does it clearly show that enrolledby=build?
>>>>>> 
>>>>>>> 
>>>>>>> Thanks, 
>>>>>>> _____________________________________________________
>>>>>>> John Moyer
>>>>>>> 
>>>>>>> 
>>>>>>> On Apr 30, 2013, at 1:48 PM, JR Aquino <jr.aqu...@citrix.com> wrote:
>>>>>>> 
>>>>>>>> On Apr 30, 2013, at 10:43 AM, John Moyer 
>>>>>>>> <john.mo...@digitalreasoning.com>
>>>>>>>> wrote:
>>>>>>>> 
>>>>>>>>> One thing to add is that this build user only has the following 
>>>>>>>>> access: 
>>>>>>>>> 
>>>>>>>>> Host Administrators
>>>>>>>>> Host enrollment 
>>>>>>>>> 
>>>>>>>>> Would he need more access to do the membership?  My original thought 
>>>>>>>>> was that technically the user is not doing the addition to the group 
>>>>>>>>> it's the system technically doing it so there shouldn't be a 
>>>>>>>>> permissions issue. 
>>>>>>>>> 
>>>>>>>> The user's roles shouldn't really matter to the best of my knowledge 
>>>>>>>> (Nathan Kinder may need to refresh my memory), but the 389 plugin, 
>>>>>>>> should be catching the insertion of the new object, then match the 
>>>>>>>> watched-attribute, and execute the hostgroup assignment based upon the 
>>>>>>>> rights of the plugin rather than that of the user.
>>>>>>>> 
>>>>>>>> Would it be possible to ask you to do an automember-find 
>>>>>>>> --type=hostgroup on the CLI and send it back to the thread?
>>>>>>>> 
>>>>>>>> If we are missing something or if we have any bugs in there, we need 
>>>>>>>> to get them identified and fixed.
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> Thanks, 
>>>>>>>>> _____________________________________________________
>>>>>>>>> John Moyer
>>>>>>>>> On Apr 30, 2013, at 1:21 PM, JR Aquino <jr.aqu...@citrix.com> wrote:
>>>>>>>>> 
>>>>>>>>>> On Apr 30, 2013, at 9:30 AM, John Moyer 
>>>>>>>>>> <john.mo...@digitalreasoning.com<mailto:john.mo...@digitalreasoning.com>>
>>>>>>>>>>  wrote:
>>>>>>>>>> 
>>>>>>>>>> Anyone have any suggestions to using the auto member function in 
>>>>>>>>>> IPA?  I've tried to set it up so if a server is enrolled by a user 
>>>>>>>>>> called "build" then it should add it to a specific server group.   I 
>>>>>>>>>> put in an inclusive rule and the expression is just "build", but it 
>>>>>>>>>> doesn't work.  Do I need to specify more than just build in the 
>>>>>>>>>> expression area?
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> That -should- be enough to catch new hosts that are built by the 
>>>>>>>>>> 'build' user.
>>>>>>>>>> 
>>>>>>>>>> Can you verify that the Attribute you are matching on is: 
>>>>>>>>>> "enrolledby" ?
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> "Keeping your head in the cloud"
>>>>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>>>>>>> Jr Aquino | Sr. Information Security Specialist
>>>>>>>>>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester
>>>>>>>>>> GCIH | GIAC Certified Incident Handler
>>>>>>>>>> GWAPT | GIAC WebApp Penetration Tester
>>>>>>>>>> 
>>>>>>>>>> Citrix Online | 7408 Hollister Avenue | Goleta, CA 
>>>>>>>>>> 93117<x-apple-data-detectors://0/0>
>>>>>>>>>> T:  +1 805.690.3478<tel:+1%C2%A0805.690.3478>
>>>>>>>>>> C: +1 805.717.0365<tel:+1%20805.717.0365>
>>>>>>>>>> jr.aqu...@citrix.com<mailto:jr.aqu...@citrixonline.com>
>>>>>>>>>> http://www.citrixonline.com<http://www.citrixonline.com/>
>>>>>>>>>> 
>>>>>>>>>> "Keeping your head in the cloud"
>>>>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>>>>>>> Jr Aquino | Sr. Information Security Specialist
>>>>>>>>>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester
>>>>>>>>>> GCIH | GIAC Certified Incident Handler
>>>>>>>>>> GWAPT | GIAC WebApp Penetration Tester
>>>>>>>>>> 
>>>>>>>>>> Citrix Online | 7408 Hollister Avenue | Goleta, CA 
>>>>>>>>>> 93117<x-apple-data-detectors://0/0>
>>>>>>>>>> T:  +1 805.690.3478<tel:+1%C2%A0805.690.3478>
>>>>>>>>>> C: +1 805.717.0365<tel:+1%20805.717.0365>
>>>>>>>>>> jr.aqu...@citrix.com<mailto:jr.aqu...@citrixonline.com>
>>>>>>>>>> http://www.citrixonline.com<http://www.citrixonline.com/>
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> Thanks,
>>>>>>>>>> _____________________________________________________
>>>>>>>>>> John Moyer
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Freeipa-users mailing list
>>>>>>>>>> Freeipa-users@redhat.com<mailto:Freeipa-users@redhat.com>
>>>>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>>>>>>>> 
>> 
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
> 
> 
> -- 
> Thank you,
> Dmitri Pal
> 
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
> 
> 
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
> 
> 
> 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to