Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-5015

Some of the user attributes in Aix could be UPPERCASE

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: PUP 3.7.4
    • Fix Version/s: PUP 4.4.0
    • Component/s: Modules
    • Labels:
      None
    • Template:
    • Story Points:
      1
    • Sprint:
      Client 2015-12-16, Client 2015-12-30
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      User attributes will no longer be down-cased on AIX.

      Description

      Aix user attributes should maintain the original casing.

      We where experiencing a strange behavior with some users configured with Kerberos authentication.

      Having Krb configured for a user implies setting its "SYSTEM" attribute to a value of "KRB5Afiles".

      In hiera this was the (redacted) definition of one such users:

        xxxxx:
          ensure: present
          comment: XXXXXX
          gid: 'xxxxx'
          groups:
          - ssh_grp
          managehome: 'true'
          attributes:
          - SYSTEM=KRB5Afiles
          - registry=KRB5Afiles
          - auth_domain=DOMAIN.AD
          home: "%{::default_home}/xxxxx"
          shell: "%{::default_shell}"
          uid: 'xxxxx'
      

      And this is the (redacted) output from "lsuser -c xxxxx":

      #name:id:pgrp:groups:home:shell:gecos:login:su:rlogin:daemon:admin:sugroups:tpath:ttys:expires:auth1:auth2:umask:registry:SYSTEM:loginretries:pwdwarntime:account_locked:minage:maxage:maxexpired:minalpha:minother:mindiff:maxrepeats:minlen:histexpire:histsize:auth_domain:fsize:cpu:data:stack:core:rss:nofiles:stack_hard:time_last_login:tty_last_login:host_last_login:unsuccessful_login_count
      xxxxx:xxxxx:adm_nix:adm_nix,ssh_grp:/home/xxxxx:/usr/bin/bash:XXXXX:true:true:true:true:false:ALL:nosak:ALL:0:SYSTEM:NONE:22:KRB5Afiles:KRB5Afiles:0:0:false:0:0:-1:0:0:0:8:0:0:0:DOMAIN.AD:-1:-1:-1:-1:-1:-1:-1:-1:1435654795:/dev/pts/4:10.X.X.X:0
      

      Running puppet resulted in the users always been updated, at every run, because the "SYSTEM" (UPCASE string) field from lsuser command was converted to a ":system" (downcase symbol) property. This caused a mismatch between the expected attribute keys and what was parsed from lsuser output, causing the provider to think the user was missing one of the managed attributes at each run.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              kalugen SIMONE COLOMBO
              QA Contact:
              Eric Thompson
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Zendesk Support