Issue #13686 has been updated by Matthaus Litteken. Status changed from Merged - Pending Release to Closed
Released in Puppet 2.7.14rc1 ---------------------------------------- Bug #13686: directoryservices provider can't handle missing ShadowHashData item https://projects.puppetlabs.com/issues/13686#change-60746 Author: Clay Caviness Status: Closed Priority: Normal Assignee: Gary Larizza Category: Darwin Target version: 2.7.14 Affected Puppet version: 2.7.12 Keywords: Branch: https://github.com/puppetlabs/puppet/pull/644 If a user plist ends up in a state with no ShadowHashData entry, directoryservices provider is unable to fix, failing with an error: `err: /Stage[main]/Security::Local_users/User[testuser]/password: change from [old password hash redacted] to [new password hash redacted] failed: The directoryservice provider can not handle attribute password at [...]users.pp:40` Inspecting the testuser.plist file in /var/db/dslocal/Default/users/, I found it was _missing_ the ShadowHashData item entirely. (I suspect this happened during a puppet run as we upgraded from 2.7.6 to 2.7.12, but I can't seem to recreate it reliably.) I tweaked directoryservice.rb at line 324 to create it if it was missing: <pre> if users_plist['ShadowHashData'] # users_plist['ShadowHashData'][0].string is actually a binary plist # that's nested INSIDE the user's plist (which itself is a binary # plist). password_hash_plist = users_plist['ShadowHashData'][0].string converted_hash_plist = convert_binary_to_xml(password_hash_plist) else users_plist['ShadowHashData'] = [StringIO.new] converted_hash_plist = {'SALTED-SHA512'=>StringIO.new} end </pre> ... and this seems to fix thing, though I'm not sure if this is the best method. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
