Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

20.2. Adding Hosts to an IDM Host Group

Identity Management (IDM) supports the ability to set up automatic membership rules based on a system's attributes. Red Hat Satellite's realm feature provides administrators with the ability to map the Red Hat Satellite host groups to the IDM parameter "userclass" which allow administrators to configure automembership.
When nested host groups are used, they are sent to the IDM server as they are displayed in the Red Hat Satellite User Interface. For example, "Parent/Child/Child".

Note

The Satellite Server or Capsule Server sends updates to the IDM server, however automembership rules are only applied at initial registration.
  1. On the IDM server, create a host group: 
    # ipa hostgroup-add hostgroup_name
Description: hostgroup_description
----------------------------
Added hostgroup "hostgroup_name"
----------------------------
  Host-group: hostgroup_name
  Description: hostgroup_description
    Copy to Clipboard Toggle word wrap
    Where:
    1. hostgroup_name is the hostgroup's name.
    2. hostgroup_description is the hostgroup's description.
  2. Create an automembership rule: 
    # ipa automember-add --type=hostgroup automember_rule
----------------------------------
Added automember rule "automember_rule"
----------------------------------
Automember Rule: automember_rule
    Copy to Clipboard Toggle word wrap
    Where:
    1. automember-add flags the group as an automember group.
    2. --type=hostgroup identifies that the target group is a host group, not a user group.
    3. automember_rule is the name you wish to identify the automember rule by.
  3. Define an automembership condition based on the userclass attribute: 
    # ipa automember-add-condition --key=userclass --type=hostgroup --inclusive-regex=^webserver hostgroup_name
----------------------------------
Added condition(s) to "hostgroup_name"
----------------------------------
  Automember Rule: automember_rule
  Inclusive Regex: userclass=^webserver
----------------------------
Number of conditions added 1
----------------------------
    Copy to Clipboard Toggle word wrap
    Where:
    1. automember-add-condition allows you to add regular expression conditions to identify group members.
    2. --key=userclass specifies the key attribute as userclass.
    3. --type=hostgroup identifies that the target group is a host group, not a user group.
    4. --inclusive-regex=^webserver is a regular expression pattern to identify matching values.
    5. hostgroup_name is the target hostgroup's name.
When a system is added to the Satellite Server's hostgroup_name host group, it will now automatically be added to the Identity Management server's "hostgroup_name" host group as well. IDM host groups allow for Host-Based Access Controls (HBAC), sudo policies and other IDM functions.
Report a bug
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat