Issue #3159 has been updated by Jo Rhett.
I found it!! It turns out that none of these puppet daemons had been restarted since they actually set up ldap on the client system like, puppet added the ldap package, modified nsswitch.conf, ldap.conf etc. and puppet hadn't been restarted since then restarting the daemon solved the problem. This seems to relate to other bugs about caching information. What confuses me is that LDAP was installed over a month ago on these systems. That seems to be an awful long time to cache user/group information! ---------------------------------------- Bug #3159: LDAP groups are being mis-interpretted by RAL https://projects.puppetlabs.com/issues/3159 Author: Joel Heenan Status: Needs More Information Priority: Normal Assignee: Category: RAL Target version: Affected Puppet version: 0.24.8 Keywords: ldap, ral, centos, rhel, nss Branch: It seems puppet is getting confused regarding ldap users and groups err: //Node[foo]/class/File[/var/log/httpd]: Failed to retrieve current state of resource: Could not find group readonly at /etc/puppet/svn/manifests/common/common.pp:26 [foo ~]# getent group | grep readonly readonly:*:4002:user1,user2 [foo ~]# ralsh group readonly group { 'readonly': ensure => 'absent' } Using Centos 5.4 with Xen, and 389 Directory Server. Puppet version puppet-0.24.8-4.el5. Facter facter-1.5.7-1.el5. NSS ldap nss_ldap-253-22.el5_4. Is this a known problem? I googled around a bit and found similar problems but nothing that looked exactly the same. Thanks Joel -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
