Thanks for the info Rob,

Well, that's a big bummer. I am trying to write kickstart scripts
with different IPA usernames such that they will automatically enroll
machines into specific hostgroups (with associated permissions/roles/etc). Thanks for updating the ticket...


I don't know if there's going to be a port/update for Centos 7 for
freeipa 4, but even the "automember-rebuild" feature wouldn't really
be a viable option for my situation.

Anyone else run into similar situations and have any ideas?

Mark

On 2/4/2015 5:21 PM, Rob Crittenden wrote:
Mark Esman wrote:
Hello all,

I'm having a little trouble with the automember function using
"enrolledby" attribute. I have tried a number of different regex's
to define the username and automagically enroll the host into the
specified host group:

   .*ipainstaller.*  <no quotes around regex>
   ".*ipainstaller.*"  <double quotes around regex>
   '.*ipainstaller.*'  <single quotes around regex>
   etc.

After client install, the server command:

server#> ipa host-find machine.example.com --all

shows: enrolledby_user: ipainstaller  <this is the correct output>
but the machine is not enrolled in the assigned host group.

My server is Centos 7 with ipa-server.x86_64 3.3.3-28.0.1.el7.centos.3
from the updates repo.

I found this link, but it doesn't look like any work has been
done on this issue. https://fedorahosted.org/freeipa/ticket/3598

Has anyone seen this issue and/or have a workaround?


automember is executed when new entries are added. The enrolled_by isn't
set at the same time the host is added so it isn't triggering the rule.

IPA 4.0 added an automember-rebuild which would pick this up but you'd
need to run this periodically.

I updated the ticket with this information as well.

rob


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to