[Freeipa-users] Automember enrolledby
Mark Esman
mesman at stata.com
Thu Feb 5 04:03:10 UTC 2015
Thanks for the info Rob,
Well, that's a big bummer. I am trying to write kickstart scripts
with different IPA usernames such that they will automatically enroll
machines into specific hostgroups (with associated
permissions/roles/etc). Thanks for updating the ticket...
I don't know if there's going to be a port/update for Centos 7 for
freeipa 4, but even the "automember-rebuild" feature wouldn't really
be a viable option for my situation.
Anyone else run into similar situations and have any ideas?
Mark
On 2/4/2015 5:21 PM, Rob Crittenden wrote:
> Mark Esman wrote:
>> Hello all,
>>
>> I'm having a little trouble with the automember function using
>> "enrolledby" attribute. I have tried a number of different regex's
>> to define the username and automagically enroll the host into the
>> specified host group:
>>
>> .*ipainstaller.* <no quotes around regex>
>> ".*ipainstaller.*" <double quotes around regex>
>> '.*ipainstaller.*' <single quotes around regex>
>> etc.
>>
>> After client install, the server command:
>>
>> server#> ipa host-find machine.example.com --all
>>
>> shows: enrolledby_user: ipainstaller <this is the correct output>
>> but the machine is not enrolled in the assigned host group.
>>
>> My server is Centos 7 with ipa-server.x86_64 3.3.3-28.0.1.el7.centos.3
>> from the updates repo.
>>
>> I found this link, but it doesn't look like any work has been
>> done on this issue. https://fedorahosted.org/freeipa/ticket/3598
>>
>> Has anyone seen this issue and/or have a workaround?
>>
>
> automember is executed when new entries are added. The enrolled_by isn't
> set at the same time the host is added so it isn't triggering the rule.
>
> IPA 4.0 added an automember-rebuild which would pick this up but you'd
> need to run this periodically.
>
> I updated the ticket with this information as well.
>
> rob
>
More information about the Freeipa-users
mailing list