Nathanaël Blanchet via FreeIPA-users wrote:
Hello,
I try to order my host list by filtering out the enrollment field.
I tried *ipa host-show vm500-dev.couchant.abes.fr --all*
and I can get the keytab param to false, which seems to be the
equivalent of non enrollment.
Now I try to find an option to *ipa host-find* to filter out all those
non enrolled hosts but none such option seems to exist.
My goal is to create a loop with correspondant hostnames to delete such
hosts.
The API doesn't provide for a way to search on enrolled but you can do
it a few different ways using ldapsearch. The reason is that it is
expensive to do so as we do an existence check to determine whether a
host is enrolled or not. Here is how I would do it:
$ kinit admin
$ ldapsearch -LLL -Y GSSAPI -b
cn=computers,cn=accounts,dc=example,dc=test
"(&(objectclass=ipahost)(!(krblastpwdchange=*)))" fqdn
Basically search for hosts (a few other objects live there too) and
those with no last kerberos password change set.
rob