Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-6730

Cannot appropriately manage NIS/LDAP users using forcelocal

    Details

    • Type: Bug
    • Status: Accepted
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Environment:

      OS: SLES 11. All users on LDAP/NIS. But some tools like Oracle and eGuard require that the user be present locally as well.

    • Template:
    • Master Config:
      Monolithic
    • Agent OS:
      SLES 11 (i386, x86_64)
    • Team:
      Platform OS
    • CS Priority:
      Normal

      Description

      Using the user resource type to manage an LDAP as a local user. The forcelocal & managehome attributes were used as below.

      user

      { 'afxubxb': ensure => 'present', forcelocal => 'true', comment => 'Password Management', gid => 'afbprod', groups => ['afxprod'], home => '/export/appl/uxprod/etc/ssh/afxubxb', password => 'NP', password_max_age => '-1', password_min_age => '-1', shell => '/bin/csh', uid => '44812', managehome => false }

      This complained that libuser is required. It was not clear that a package 'libuser' is required. That was an initial issue. Documentation or error message can be clearer.

      The libuser package was installed and that improved things.
      But, there are still issues:
      1. The user's home directory is still being managed even though managehome is set to false.
      2. The group is still being managed as a local group, regardless of how it is defined or not.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  anoop Anoop Kumar
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated: