Issue #7911 has been updated by Chris Wiederkehr.
We have the same problem. I'm just adding some info, so others who run into this issue know why this happens. This is the error message you get if you want to locally remove a group which is defined in LDAP and dos not exist in the local /etc/group (anymore): //module/Group[goupname]/ensure) change from present to absent failed: Could not delete group keydist: Execution of '/usr/sbin/groupdel groupname' returned 6: UX: groupdel: ERROR: groupdel does not exist. The group type inherits from provider/nameservice.rb which relies on the ruby Etc module. And the Etc module uses getpwnam()/getgrnam() systemcalls. The systemcalls will look at your /etc/nsswitch.conf where ldap is defined as one of the group/user sources. I hope this helps ---------------------------------------- Bug #7911: Can't handle local users in LDAP environment https://projects.puppetlabs.com/issues/7911 Author: Rob Braden Status: Accepted Priority: Normal Assignee: Category: Target version: Telly Affected Puppet version: Keywords: Branch: Our environment (mostly RHEL) uses LDAP for user and group administration. Unfortunately, we have some cases where (broken) software insists on local users and groups. I'm guessing it's checking the files directly instead of using the proper system calls. Puppet won't create the user locally, as it sees the user as already existing. RHEL does have local versions of the user and group management commands (luseradd, lusermod, etc). Would there be any implications to adding a 'local' provider for the user type that adds support for managing local users and groups in an environment where most accounts are managed remotely? -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
