Currently, the puppet user type uses `getent` to get information about user resources.
The problem with this is that `getent` will also report information from LDAP and other remote user management services that are configured in nsswitch.conf, and will report that a user exists even when it does not exist locally (as an entry in /etc/passwd and/or a directory in /home/$username)
This is especially problematic since we user the useradd suite of commands to actually manage the settings, which of course affect local users/groups only.
Puppet uses luseradd/etc in an LDAP environment, but should switch to useradd/etc when "forcelocal" is true.
Puppet's user type should have some way of examining/modifying only local users and groups when the forcelocal option is true.