Issue #5726 has been updated by James Goddard.
First of all, I realize that this is not a puppet problem. This issue is with the underlying CentOS useradd in our environment. We are not using winbind to bind to AD. We have nsswitch configured to use ldap, and our ldap configuration uses the ldap URI of our AD server. This may indeed be a problem with not all of our users having the unix extensions applied, but I am not sure. Here is a description of what I see, with minor obfuscation [root@se2db20 ~]# getent passwd 10286 <AD_USER>:ABCD!efgh12345$67890:10286:10008:<AD_Full_Name>:/home/CORP/<AD_USER>:/bin/bash [root@se2db20 ~]# useradd mysql_test [root@se2db20 ~]# getent passwd 10286 mysql_test:x:10286:10286::/home/mysql_test:/bin/bash [root@se2db20 ~]# getent passwd 10287 <Other_AD_USER>:ABCD!efgh12345$67890:10287:10008:<Full Name>:/home/<Other_AD_User>:/bin/sh [root@se2db20 ~]# id <AD_USER> uid=10286(mysql_test) gid=10008(LinuxDev) groups=10286(mysql_test) I may be missing an option to either my ldap.conf or system-auth? But in this specific instance, I know for a fact that the 10286 UID grabbed is for a user with the UNIX attributes, as are those surrounding it. ---------------------------------------- Feature #5726: Allow uid range when creating a user https://projects.puppetlabs.com/issues/5726 Author: Tim Stoop Status: Needs More Information Priority: Normal Assignee: Nigel Kersten Category: user Target version: Affected Puppet version: development Keywords: Branch: Hi there, It would be convenient if you could add a uid range when creating a new user. Otherwise, puppet creates a user with 'highest uid in /etc/passwd + 1', which usually is not what we want. For instance, we want our own users in the ranges 8000-8999, our customer's users in 9000-12999, system users in 1-999 and other types of users (for shared accounts and the like) in 1000-7999. Uids sometimes clash, currently. We solve it now by using extlookup and setting a specific uid, but allowing for a range to be used would be convenient for many situations. Something like this would be nice to be able to do: <pre> user { "oracle-cron": uid_min => 1000, uid_max => 7999, } </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
