Issue #15610 has been updated by eric sorenson. Status changed from Unreviewed to Investigating Assignee set to Gary Larizza
Gary can you see if this is still an issue with your recent 10.8 work? Thanks ---------------------------------------- Bug #15610: users created by puppet on OS X Lion cannot change their own password and jpegphoto https://projects.puppetlabs.com/issues/15610#change-68945 Author: Gerard Kok Status: Investigating Priority: Normal Assignee: Gary Larizza Category: OSX Target version: Affected Puppet version: 2.7.6 Keywords: Branch: Allow me to explain our situation: we have puppet manage all our laptops, and, with a few exceptions, every laptop is used by a single user. When Lion was released, I setup a migration scenario where every laptop was wiped clean, and then reinstalled using puppet as bootstrap mechanism (as aside, this was to migrate from FileVault 1 to FileVault 2). Puppet would also create the user account of the user using the laptop (without password, we would set that when we handed the laptop over to the user again). After a while I discovered that users were not able to change their own password and picture, while users created using System Preferences had no problem doing that (all without admin privileges, our users don't have admin rights). At that time I could not figure out what was causing this, but with Mountain Lion almost released, I decided to look a second time (because users not able to change their own password doesn't really sit well with me). After comparing two user plists from /var/db/dslocal/nodes/Default/users/ (one created with puppet, and one using system Preferences), I discovered that the puppet-created one was missing the 'dsAttrTypeNative' fields (to be precise: _writers_LinkedIdentity, _writers_UserCertificate, _writers_hint, _writers_jpegphoto, _writers_passwd and _writers_realname). I guess these fields control who can write the mentioned field (in the System Preferences generated user, these fields were set to the actual username). After adding these fields to my puppet-generated user with dscl, I can now change the password and the picture of that user. Although it's possible to set the various attributes using dscl in a few execs, I suppose it's cleaner to add it to the directoryservice provider. We installed Lion using puppet 2.7.6, but the same behavior is present in 2.7.18. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
