  1. Puppet
  2. PUP-11241

Not all user attributes honor forcelocal (e.g. home, shell)

Details

    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • PUP 6.19.1, PUP 7.9.0, PUP 7.10.0
    • PUP 6.25.0, PUP 7.12.0
    • None
    • CentOS 7
    • Night's Watch
    • 1
    • NW - 2021-09-22
    • Needs Assessment
    • natemccurdy
    • Bug Fix
    • Fix an issue where setting `forcelocal => true` on a user resource would still check the resource's `home` and `shell` attributes against their values from the directory service provider. Contributed by community member natemccurdy.
    • Needs Assessment

    Description

      Puppet Version: 6.19.1, 7.9.0
      Puppet Server Version: N/A
      OS Name/Version: CentOS 7

      When setting forcelocal => true on a user resource, I'd expect all user attributes available via /etc/passwd to be used as the "is" value for the insync? check.

      This appears to not be the case for the home and shell attributes.

      Those are always checked against their values from directory services rather than from /etc/passwd, which means those attributes appear to change on each puppet run and the user resource is no longer idempotent.

      Desired Behavior:

      When an OS has directory services enabled (e.g. LDAP via SSSD) and a puppet-managed user exists in LDAP...

      Given an /etc/passwd file containing:

      nate:x:1000:1001:hello world:/opt/hello:/bin/zsh
      

      This code should read "shell", "home", and "comment" all from /etc/passwd when comparing the "is" state to the "should" state:

      user { 'nate':
        ensure     => present,
        forcelocal => true,
        shell      => '/bin/zsh',
        home       => '/opt/hello',
        comment    => 'hello world',
      }
      

      Actual Behavior:

      Only "uid", "gid", "comment", and "groups" are fetched from /etc/passwd when forcelocal => true:
      https://github.com/puppetlabs/puppet/blob/7.11.0/lib/puppet/provider/user/useradd.rb#L60-L78

      "home" and "shell" are fetched from directory services, not from /etc/passwd.

      The user resource shows a change to "home" and "shell" on each Puppet run even though nothing is changing.

      Related:
      Support for "comment" when forcelocal is true was added here: https://github.com/puppetlabs/puppet/pull/7768

      Basically, I'm asking for that same support for all the other attributes pulled from /etc/passwd in the finduser() method
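
The comparison described in this report, as an added Ruby example that is not part of the original report and is not Puppet's provider code: it parses passwd(5) content and shows which attributes are out of sync depending on where the "is" values come from. The function names and the directory-service record are assumptions made for illustration; only the `nate` passwd line and the resource values come from the report.

```ruby
# Added illustration, not Puppet's provider code. All names are hypothetical.
PASSWD_FIELDS = %i[name password uid gid comment home shell].freeze

# Parse passwd(5) content and return the entry for `name` as a hash, or nil.
def local_entry(passwd_text, name)
  passwd_text.each_line do |line|
    line = line.chomp
    next if line.empty? || line.start_with?('#')
    parts = line.split(':', -1) # -1 keeps empty trailing fields (e.g. empty shell)
    next unless parts.length == PASSWD_FIELDS.length
    entry = PASSWD_FIELDS.zip(parts).to_h
    return entry if entry[:name] == name
  end
  nil
end

# Return the attributes whose "is" value differs from the "should" value.
# With forcelocal the "is" values come from the passwd text only; an account
# absent from that text is reported as entirely out of sync.
def out_of_sync(should, passwd_text, directory_entry, forcelocal:)
  is = forcelocal ? local_entry(passwd_text, should[:name]) : directory_entry
  return should.keys - [:name] if is.nil?
  should.reject { |attr, value| attr == :name || is[attr] == value.to_s }.keys
end

# Constructed sample data: the /etc/passwd line from the report, plus an
# invented directory-service (LDAP/SSSD) record for the same account.
SAMPLE_PASSWD = <<~PASSWD
  root:x:0:0:root:/root:/bin/bash
  nate:x:1000:1001:hello world:/opt/hello:/bin/zsh
PASSWD
SAMPLE_DIRECTORY = { name: 'nate', uid: '1000', gid: '1001', comment: 'hello world',
                     home: '/home/nate', shell: '/bin/bash' }.freeze
SHOULD = { name: 'nate', shell: '/bin/zsh', home: '/opt/hello', comment: 'hello world' }.freeze

if __FILE__ == $PROGRAM_NAME
  local = out_of_sync(SHOULD, SAMPLE_PASSWD, SAMPLE_DIRECTORY, forcelocal: true)
  remote = out_of_sync(SHOULD, SAMPLE_PASSWD, SAMPLE_DIRECTORY, forcelocal: false)
  puts "is-values from /etc/passwd: out of sync = #{local.inspect}"
  puts "is-values from directory:   out of sync = #{remote.inspect}"
end
```

Reading `home` and `shell` from the directory record while the local file already matches is what makes the resource report a change on every run.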

            People

              Unassigned Unassigned
              natemccurdy Nate McCurdy