Ñò Ã#xPc@sddklZlZddklZlZddkTddklZlZddkl Z ddk Z ddk l Z edƒZd Zd Zed d d dedƒdedƒdedeƒedd ddedƒdedƒdedeƒeddedƒdedƒddddgƒfZeddedƒdedƒd d?ƒfZed#d d$ded%ƒded%ƒd&d'„ƒfZd(efd)„ƒYZeieƒd*„Zd+efd,„ƒYZeieƒd-efd.„ƒYZeieƒd/efd0„ƒYZeieƒd1efd2„ƒYZeieƒd3efd4„ƒYZ eie ƒd5e!fd6„ƒYZ"eie"ƒd7e#fd8„ƒYZ$eie$ƒd9efd:„ƒYZ%eie%ƒd;efd<„ƒYZ&eie&ƒd=e#fd>„ƒYZ'eie'ƒdS(@iÿÿÿÿ(tapiterrors(tStrtStrEnum(t*(t_tngettext(tcontextN(tDNsU Auto Membership Rule. Bring clarity to the membership of hosts and users by configuring inclusive or exclusive regex patterns, you can automatically assign a new entries into a group or hostgroup based upon attribute information. A rule is directly associated with a group by name, so you cannot create a rule without an accompanying group or hostgroup. A condition is a regular expression used by 389-ds to match a new incoming entry with an automember rule. If it matches an inclusive rule then the entry is added to the appropriate group or hostgroup. A default group or hostgroup could be specified for entries that do not match any rule. In case of user entries this group will be a fallback group because all users are by default members of group specified in IPA config. EXAMPLES: Add the initial group or hostgroup: ipa hostgroup-add --desc="Web Servers" webservers ipa group-add --desc="Developers" devel Add the initial rule: ipa automember-add --type=hostgroup webservers ipa automember-add --type=group devel Add a condition to the rule: ipa automember-add-condition --key=fqdn --type=hostgroup --inclusive-regex=^web[1-9]+\.example\.com webservers ipa automember-add-condition --key=manager --type=group --inclusive-regex=^uid=mscott devel Add an exclusive condition to the rule to prevent auto assignment: ipa automember-add-condition --key=fqdn --type=hostgroup --exclusive-regex=^web5\.example\.com webservers Add a host: ipa host-add web1.example.com Add a user: ipa user-add --first=Tim --last=User --password tuser1 --manager=mscott Verify automembership: ipa hostgroup-show webservers Host-group: webservers Description: Web Servers Member hosts: web1.example.com ipa group-show devel Group name: devel Description: Developers GID: 1004200000 Member users: tuser Remove a condition from the rule: ipa automember-remove-condition --key=fqdn --type=hostgroup --inclusive-regex=^web[1-9]+\.example\.com webservers Modify the automember rule: ipa automember-mod Set the default (fallback) target group: ipa automember-default-group-set --default-group=webservers --type=hostgroup ipa automember-default-group-set --default-group=ipausers --type=group Remove the default (fallback) target group: ipa automember-default-group-remove --type=hostgroup ipa automember-default-group-remove --type=group Show the default (fallback) target group: ipa automember-default-group-show --type=hostgroup ipa automember-default-group-show --type=group Find all of the automember rules: ipa automember-find Display a automember rule: ipa automember-show --type=hostgroup webservers ipa automember-show --type=group devel Delete an automember rule: ipa automember-del --type=hostgroup webservers ipa automember-del --type=group devel tautomemberinclusiveregextautomemberexclusiveregexsautomemberinclusiveregex*tcli_nametinclusive_regextlabelsInclusive Regextdoctcsvt alwaysasksautomemberexclusiveregex*texclusive_regexsExclusive Regextkeys Attribute KeysQAttribute to filter via regex. For example fqdn for a host, or manager for a usertflagst no_createt no_updatet no_searchttypes Grouping Types"Grouping to which the rule appliestvaluesugroupu hostgrouptcntautomember_rulesAutomember Rulet normalizercCs |iƒS((tlower(tvalue((s=/usr/lib/python2.6/site-packages/ipalib/plugins/automember.pyt—st automemberc BsÔeZdZeiiZdZdZddgZ ddddd d gZ e d ƒZ e d d dde dƒde dƒƒe dd dde dƒde dƒddddgƒfZd„Zd„Zd„ZRS(sG Bring automember to a hostgroup with an Auto Membership Rule. tauto_member_ruletauto_member_rulesttoptautomemberregexruleR R Rtautomembertargetgroupt descriptiontautomemberdefaultgroupsAuto Membership Rules description?R tdescR t DescriptionRs&A description of this auto member rulesautomemberdefaultgroup?t default_groupsDefault (fallback) Groups!Default group for entries to landRRRRcGs}|iii}|ii|i|ƒ}y|i|gƒ\}}Wn2tij o#tidtdƒ|ƒ‚nX|S(NtreasonuGroup: %s not found!( RtBackendtldap2tObjecttget_dnt get_entryRtNotFoundR(tselft grouptypet groupnametkeystldaptdntgdnt entry_attrs((s=/usr/lib/python2.6/site-packages/ipalib/plugins/automember.pyt dn_exists»s!cOs–|io$|ii|ii|d Œ}n |i}|d}y&td|dfd|f|ƒ}Wn(tj otd|f|ƒ}nX|S(NiÿÿÿÿRR(t parent_objectRR-R.t container_dnRt IndexError(R1R4toptionst parent_dnR2tndn((s=/usr/lib/python2.6/site-packages/ipalib/plugins/automember.pyR.Äs $  &cCs\|iii}|iitii|ƒ}|dj o|Sti dt dƒ|ƒ‚dS(sV Verify that the user supplied key is a valid attribute in the schema R*s%s is not a valid attribute.N( RR+R,tschematget_objt_ldapt AttributeTypetNoneRR0R(R1tattrR5tobj((s=/usr/lib/python2.6/site-packages/ipalib/plugins/automember.pyt check_attrÐs  (t__name__t __module__t__doc__Rtenvtcontainer_automemberR;t object_nametobject_name_pluralt object_classtdefault_attributesRR Rt takes_paramsR9R.RG(((s=/usr/lib/python2.6/site-packages/ipalib/plugins/automember.pyR›s(          cCs8y|itiigƒWntij otSXtS(N(R/RRKRLRR0tFalsetTrue(R5((s=/usr/lib/python2.6/site-packages/ipalib/plugins/automember.pytautomember_container_existsÞs tautomember_addcBsEeZedƒZeieZeZedƒZ d„Z d„Z RS(s! Add an automember rule. s!Added automember rule "%(value)s"cOse|d|dst  R                 @   [ W      !