Issue #14269 has been updated by Charlie Sharpsteen.

Keywords changed from Groups LDAP to Groups LDAP customer

----------------------------------------
Bug #14269: Duplicate Group Membership with LDAP
https://projects.puppetlabs.com/issues/14269#change-88419

* Author: Thomas Kishel
* Status: Re-opened
* Priority: Normal
* Assignee: 
* Category: user
* Target version: 
* Affected Puppet version: 2.7.1
* Keywords: Groups LDAP customer
* Branch: 
----------------------------------------
User accounts are stored in LDAP, but we also implement local accounts. Once 
bound to LDAP, Puppet misinterprets local group membership for local accounts, 
reconfiguring group membership every time.

Prior to binding to LDAP

    # id webadm
    uid=1001(webadm) gid=1001(webadm) groups=1001(webadm),27(sudo)

    # groups webadm
    webadm : webadm sudo
 
    # id www-data
    uid=33(www-data) gid=33(www-data) groups=33(www-data),1001(webadm)
 
    # groups www-data
    www-data : www-data webadm

After binding to LDAP

    # id webadm
    uid=1001(webadm) gid=1001(webadm) groups=1001(webadm),27(sudo)

    # groups webadm
    webadm : webadm sudo

    # id www-data
    uid=33(www-data) gid=33(www-data) groups=33(www-data),1001(webadm)

    # groups www-data
    www-data : www-data webadm

Note, they remain the same. Yet, every run ...

    puppet-agent[8818]: (/Stage[main]/Users::Www_data/User[www-data]/groups) groups changed 'webadm,webadm' to 'webadm'
    puppet-agent[8818]: (/Stage[main]/Users::Webadm/User[webadm]/groups) groups changed 'sudo,sudo,www_edit,www_images' to 'sudo,www_edit,www_images'

The relevant manifest follows.

<pre><code class="ruby">
class users::webadm {
  user { 'webadm':
    ensure      => present,
    uid         => 1001,
    gid         => 'webadm',
    groups      => ['sudo'],
    membership  => minimum,
  }
}

class users::www_data {
  user { 'www-data':
    membership => minimum,
    groups => 'webadm',
  }
}
</code></pre>

This is related to Issue #3748 and Issue #3159 but the provider is (and should 
be) useradd, not ldap. 
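
As an added example (not part of the original report and not Puppet's own code), the Ruby script below scans agent log lines like those quoted above and separates "groups changed" events where only a duplicated entry differs from events where the set of groups really changes. The sample log is constructed from the two lines in the report plus one hypothetical `deploy` user line for contrast; the constant and function names are assumptions.

```ruby
require 'set'

# Constructed sample: the first two lines mirror the agent output in the report,
# the third is a hypothetical genuine membership change added for contrast.
SAMPLE_LOG = <<~LOG
  puppet-agent[8818]: (/Stage[main]/Users::Www_data/User[www-data]/groups) groups changed 'webadm,webadm' to 'webadm'
  puppet-agent[8818]: (/Stage[main]/Users::Webadm/User[webadm]/groups) groups changed 'sudo,sudo,www_edit,www_images' to 'sudo,www_edit,www_images'
  puppet-agent[8818]: (/Stage[main]/Users::Deploy/User[deploy]/groups) groups changed 'adm' to 'adm,sudo'
LOG

# Captures: resource path, user title, current value, desired value.
GROUPS_CHANGE = %r{\(([^)]*/User\[([^\]]+)\]/groups)\) groups changed '([^']*)' to '([^']*)'}

# Returns one hash per "groups changed" event. An event is :duplicate_only when
# the current and desired values name the same set of groups and the current
# value merely lists at least one group more than once; otherwise :real_change.
def classify_group_changes(log)
  log.each_line.filter_map do |line|
    m = GROUPS_CHANGE.match(line) or next
    current = m[3].split(',')
    desired = m[4].split(',')
    dups = current.tally.select { |_, count| count > 1 }.keys
    same_set = current.to_set == desired.to_set
    kind = same_set && !dups.empty? ? :duplicate_only : :real_change
    { user: m[2], kind: kind, duplicated: dups }
  end
end

if __FILE__ == $PROGRAM_NAME
  classify_group_changes(SAMPLE_LOG).each do |event|
    puts format('%-10s %-15s duplicated=%s',
                event[:user], event[:kind], event[:duplicated].join(','))
  end
end
```

Events classified as `:duplicate_only` are the recurring no-op corrections described in the report; filtering them out of change reports keeps genuine group membership changes visible.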

