Issue #22778 has been updated by Zachary Stern. Status changed from Duplicate to Re-opened
I do not believe this is a duplicate. As per my discussions with Jill Burrows, the user and group resources still uses `getent` to check if a user or group already exists, and this will always include the "remote" users/groups. Does the `forcelocal` parameter actually work around that in some way? If that is the case, then you can mark this as duplicate once again. ---------------------------------------- Feature #22778: Puppet user resource should read only from local databases https://projects.puppetlabs.com/issues/22778#change-98797 * Author: Zachary Stern * Status: Re-opened * Priority: Normal * Assignee: * Category: * Target version: * Affected Puppet version: * Keywords: customer * Branch: ---------------------------------------- Currently, the puppet user type uses `getent` to get information about user resources. The problem with this is that `getent` will also report information from LDAP and other remote user management services that are configured in nsswitch.conf, which are not actually managed by Puppet. This can cause Puppet to think a user is in a local group, or not in a local group, when the opposite is true. This is especially problematic since we user the useradd suite of commands to actually manage the settings, which of course affect local users/groups only. Puppet's user type should have some way of examining only local users and groups, to check if something is currently true/present/etc. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
