So I must have looked at the wrong server name; I just tried to add 4 more servers and none of them worked. Any more ideas? The target is specified by the rule name; test-group is the target.

Thanks,
_____________________________________________________
John Moyer

On Apr 30, 2013, at 2:25 PM, Dmitri Pal <[email protected]> wrote:

> On 04/30/2013 02:17 PM, JR Aquino wrote:
>> On Apr 30, 2013, at 11:12 AM, John Moyer <[email protected]>
>> wrote:
>>
>>> I tried adding it in addition to the current rule and that didn't work. I
>>> then deleted the old rule to only leave the rule with the full name
>>> (uid=build,cn=users,cn=accounts,dc=example,dc=com) and that didn't work
>>> either.
>>>
>>> This is the new output of that command you had me run earlier:
>>>
>>> ipa automember-find --type=hostgroup
>>> ---------------
>>> 1 rules matched
>>> ---------------
>>> Automember Rule: test-group
>>> Inclusive Regex: enrolledby=uid=build,cn=users,cn=accounts,dc=example,dc=com
>>> ----------------------------
>>> Number of entries returned 1
>>> ----------------------------
>>>
>> Interesting.
>>
>> What about if you just do something silly like: ".*build.*"
>>
>> Nathan... I believe the plugin is set to expect string values... how does it
>> handle a DN such as the enrolled by above?
>
> Don't you need to specify a target group?
> It might be that the filter is working but it is not placing it anywhere
> because nothing is specifying where to place it.
>
>>
>>> Thanks,
>>> _____________________________________________________
>>> John Moyer
>>>
>>> On Apr 30, 2013, at 2:07 PM, JR Aquino <[email protected]> wrote:
>>>
>>>> On Apr 30, 2013, at 11:02 AM, John Moyer <[email protected]>
>>>> wrote:
>>>>
>>>>> It comes back with a ton of stuff; the row you are probably interested in
>>>>> is this one:
>>>>>
>>>>> enrolledby: uid=build,cn=users,cn=accounts,dc=example,dc=com
>>>> Bingo!
>>>>
>>>> Ok, try to adjust your automember rule.
>>>>
>>>> Delete your previous inclusive regex, and replace it with
>>>> uid=build,cn=users,cn=accounts,dc=example,dc=com
>>>>
>>>> See if that does the trick
>>>>
>>>>> Thanks,
>>>>> _____________________________________________________
>>>>> John Moyer
>>>>>
>>>>> On Apr 30, 2013, at 1:57 PM, JR Aquino <[email protected]> wrote:
>>>>>
>>>>>> On Apr 30, 2013, at 10:52 AM, John Moyer
>>>>>> <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Not a problem, here is the output
>>>>>>>
>>>>>>> ipa automember-find --type=hostgroup
>>>>>>> ---------------
>>>>>>> 1 rules matched
>>>>>>> ---------------
>>>>>>> Automember Rule: test-group
>>>>>>> Inclusive Regex: enrolledby=build
>>>>>>> ----------------------------
>>>>>>> Number of entries returned 1
>>>>>>> ----------------------------
>>>>>>>
>>>>>> interesting.
>>>>>>
>>>>>> When you do an: ipa host-show test-hostname.example.com --all --raw
>>>>>>
>>>>>> Does it clearly show that enrolledby=build?
>>>>>>
>>>>>>> Thanks,
>>>>>>> _____________________________________________________
>>>>>>> John Moyer
>>>>>>>
>>>>>>> On Apr 30, 2013, at 1:48 PM, JR Aquino <[email protected]> wrote:
>>>>>>>
>>>>>>>> On Apr 30, 2013, at 10:43 AM, John Moyer
>>>>>>>> <[email protected]>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> One thing to add is that this build user only has the following
>>>>>>>>> access:
>>>>>>>>>
>>>>>>>>> Host Administrators
>>>>>>>>> Host enrollment
>>>>>>>>>
>>>>>>>>> Would he need more access to do the membership? My original thought
>>>>>>>>> was that technically the user is not doing the addition to the group;
>>>>>>>>> it's the system technically doing it, so there shouldn't be a
>>>>>>>>> permissions issue.
>>>>>>>>>
>>>>>>>> The user's roles shouldn't really matter to the best of my knowledge
>>>>>>>> (Nathan Kinder may need to refresh my memory), but the 389 plugin
>>>>>>>> should be catching the insertion of the new object, then match the
>>>>>>>> watched-attribute, and execute the hostgroup assignment based upon the
>>>>>>>> rights of the plugin rather than that of the user.
>>>>>>>>
>>>>>>>> Would it be possible to ask you to do an automember-find
>>>>>>>> --type=hostgroup on the CLI and send it back to the thread?
>>>>>>>>
>>>>>>>> If we are missing something or if we have any bugs in there, we need
>>>>>>>> to get them identified and fixed.
>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> _____________________________________________________
>>>>>>>>> John Moyer
>>>>>>>>>
>>>>>>>>> On Apr 30, 2013, at 1:21 PM, JR Aquino <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> On Apr 30, 2013, at 9:30 AM, John Moyer <[email protected]>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Anyone have any suggestions to using the auto member function in
>>>>>>>>>> IPA? I've tried to set it up so if a server is enrolled by a user
>>>>>>>>>> called "build" then it should add it to a specific server group. I
>>>>>>>>>> put in an inclusive rule and the expression is just "build", but it
>>>>>>>>>> doesn't work. Do I need to specify more than just build in the
>>>>>>>>>> expression area?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> That -should- be enough to catch new hosts that are built by the
>>>>>>>>>> 'build' user.
>>>>>>>>>>
>>>>>>>>>> Can you verify that the Attribute you are matching on is:
>>>>>>>>>> "enrolledby" ?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> "Keeping your head in the cloud"
>>>>>>>>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>>>>>>>> Jr Aquino | Sr. Information Security Specialist
>>>>>>>>>> GXPN | GIAC Exploit Researcher and Advanced Penetration Tester
>>>>>>>>>> GCIH | GIAC Certified Incident Handler
>>>>>>>>>> GWAPT | GIAC WebApp Penetration Tester
>>>>>>>>>>
>>>>>>>>>> Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117
>>>>>>>>>> T: +1 805.690.3478
>>>>>>>>>> C: +1 805.717.0365
>>>>>>>>>> [email protected]
>>>>>>>>>> http://www.citrixonline.com
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> _____________________________________________________
>>>>>>>>>> John Moyer
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Freeipa-users mailing list
>>>>>>>>>> [email protected]
>>>>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
