Details
-
Type:
New Feature
-
Status: Accepted
-
Priority:
Normal
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: PUP 5.y
-
Component/s: None
-
Labels:
-
Template:customfield_10700 28357
-
Epic Link:
-
Team:Platform OS
-
CS Priority:Reviewed
Description
Currently, the puppet user type uses `getent` to get information about user resources.
The problem with this is that `getent` will also report information from LDAP and other remote user management services that are configured in nsswitch.conf, and will report that a user exists even when it does not exist locally (as an entry in /etc/passwd and/or a directory in /home/$username)
This is especially problematic since we user the useradd suite of commands to actually manage the settings, which of course affect local users/groups only.
Puppet uses luseradd/etc in an LDAP environment, but should switch to useradd/etc when "forcelocal" is true.
Puppet's user type should have some way of examining/modifying only local users and groups when the forcelocal option is true.
Attachments
Issue Links
- is supported by
-
DOCUMENT-800 Improve documentation of forcelocal and libuser in user management workflows
-
- In Progress
-
- relates to
-
PUP-2387 Remote users, specifically AD-LDAP, do not have their home directories created with managehome set to true
-
- Accepted
-
-
-
- Accepted
-
- clones
- links to
