Details
- New Feature
- Status: Closed
- Normal
- Resolution: Duplicate
- None
- None
- None
- Night's Watch
- Reviewed
- 35745
- 1
Description
Currently, the Puppet user type uses `getent` to get information about user resources.
The problem with this is that `getent` will also report information from LDAP and other remote user management services that are configured in nsswitch.conf, and will report that a user exists even when it does not exist locally (as an entry in /etc/passwd and/or a directory in /home/$username).
This is especially problematic since we use the useradd suite of commands to actually manage the settings, which of course affect local users/groups only.
Puppet uses luseradd/etc in an LDAP environment, but should switch to useradd/etc when "forcelocal" is true.
Puppet's user type should have some way of examining/modifying only local users and groups when the forcelocal option is true.
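The difference between an NSS lookup and a local-only lookup described above, as an added Ruby example (not Puppet's code and not part of the original ticket). The names `local_passwd_entries`, `nss_user?` and `classify_user` are hypothetical, and the passwd content and the stubbed directory user `alice` are constructed sample data.

```ruby
require 'etc'
require 'tempfile'

# Parse a passwd(5)-format file into { name => { uid:, home: } }.
# Skips blank lines, comments, NIS compat entries (+/-) and malformed rows.
def local_passwd_entries(path)
  entries = {}
  File.foreach(path) do |line|
    line = line.chomp
    next if line.empty? || line.start_with?('#', '+', '-')
    fields = line.split(':', -1)
    next unless fields.length == 7 && fields[2].match?(/\A\d+\z/)
    entries[fields[0]] ||= { uid: fields[2].to_i, home: fields[5] }
  end
  entries
end

# Etc.getpwnam calls getpwnam(3), so it consults every source listed in
# nsswitch.conf, the same view that `getent passwd NAME` gives.
def nss_user?(name)
  Etc.getpwnam(name)
  true
rescue ArgumentError
  false
end

# :local       -> entry in the passwd file (what useradd/usermod can manage)
# :remote_only -> resolvable through NSS but not present locally
# :absent      -> unknown to both
def classify_user(name, passwd_path: '/etc/passwd', nss: method(:nss_user?))
  return :local if local_passwd_entries(passwd_path).key?(name)
  nss.call(name) ? :remote_only : :absent
end

# Constructed sample passwd file; not taken from any real host.
SAMPLE_PASSWD = <<~PASSWD
  root:x:0:0:root:/root:/bin/bash
  # constructed comment line
  svc_backup:x:998:998::/var/lib/backup:/usr/sbin/nologin
  broken:line
PASSWD

def demo
  Tempfile.create('passwd') do |f|
    File.write(f.path, SAMPLE_PASSWD)
    # Stub standing in for NSS with a directory service that also knows "alice".
    fake_nss = ->(n) { %w[root svc_backup alice].include?(n) }
    %w[root alice mallory].to_h { |n| [n, classify_user(n, passwd_path: f.path, nss: fake_nss)] }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

A `:remote_only` result is the case the ticket describes: the lookup reports the user as existing although there is no local entry to manage.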
Issue Links
- is supported by
  - DOCUMENT-800 Improve documentation of forcelocal and libuser in user management workflows (Resolved)
- relates to
  - PUP-2387 Remote users, specifically AD-LDAP, do not have their home directories created with managehome set to true (Accepted)
  - PUP-9465 group resource type misunderstands/misuses libuser (Resolved)
- clones
- links to