Issue #5608 has been updated by James Turnbull. Target version set to 2.6.x
---------------------------------------- Bug #5608: Puppet shouldn't enumerate LDAP users for local user unmanaged resource purge https://projects.puppetlabs.com/issues/5608 Author: Sean Millichamp Status: Ready for Testing Priority: Normal Assignee: Sean Millichamp Category: user Target version: 2.6.x Affected Puppet version: 2.6.4 Keywords: Branch: https://github.com/seanmil/puppet/tree/ticket/2.6.x/5608 When using: resources { 'user': purge => true } in a Puppet configuration not setup for LDAP management (intentionally) it is using the system getent functions via listbyname() (inherited from lib/puppet/provider/nameservice.rb) which nevertheless lists all the LDAP users because they show in the getent database via nsswitch. This causes a number of problems in my situation: 1) The LDAP tree is large enough that Puppet can't complete in a reasonable amount of time when it has to list all of the users in LDAP 2) Puppet will see users it can't delete 3) Even if it could delete those users, I only want to use Puppet to manage just the local users Based on my reading of the code, if Puppet is being used to manage LDAP users the ldap.rb provider manages that itself and doesn't require use of getpwent in nameservice.rb The workaround I used is by overriding the listbyname() function in a custom provider (which inherits from useradd) to look for users in /etc/passwd. It seems like it would be safe to just modify the listbyname() function in nameservice.rb to look directly in /etc/passwd but I am not certain what else that might impact. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
