Issue #22778 has been updated by Stefan Schulte.

What do you mean by "**still** uses getent to check if a user or group 
already exists"? After using `forcelocal`? I have not used it myself and I 
don't have an LDAP environment to test this but `forcelocal` should check the 
existence of a user by parsing the content of the `/etc/passwd` file and 
should not use `getent`. And a new user will be created with `luseradd` instead 
of `useradd`.

----------------------------------------
Feature #22778: Puppet user resource should read only from local databases
https://projects.puppetlabs.com/issues/22778#change-98801

* Author: Zachary Stern
* Status: Re-opened
* Priority: Normal
* Assignee: 
* Category: 
* Target version: 
* Affected Puppet version: 
* Keywords: customer
* Branch: 
----------------------------------------
Currently, the puppet user type uses `getent` to get information about user 
resources.

The problem with this is that `getent` will also report information from LDAP 
and other remote user management services that are configured in nsswitch.conf, 
which are not actually managed by Puppet.

This can cause Puppet to think a user is in a local group, or not in a local 
group, when the opposite is true.

This is especially problematic since we use the useradd suite of commands to 
actually manage the settings, which of course affect local users/groups only. 

Puppet's user type should have some way of examining only local users and 
groups, to check if something is currently true/present/etc.
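
The mismatch described in this issue, as an added example that is not part of the original issue and is not Puppet's own code: it compares a local-files-only reading of group(5) data with the merged view that `getent group` would print. The function names and all sample data are hypothetical and constructed for illustration.

```ruby
# Constructed sample of a local /etc/group file.
LOCAL_GROUP = <<~EOS
  # constructed /etc/group
  root:x:0:
  wheel:x:10:alice
  docker:x:998:alice,bob
EOS

# Constructed sample of `getent group` output on a host whose nsswitch.conf
# also consults a remote directory (the "*" password entries here).
NSS_GROUP = <<~EOS
  root:x:0:
  wheel:x:10:alice
  wheel:*:10:carol
  docker:x:998:alice,bob
  ldapadmins:*:5000:carol,dave
EOS

# Parse group(5)-format text ("name:passwd:gid:member,member") into a Hash of
# group name => sorted member list. Comments, blank lines, malformed lines and
# NIS compat entries (+/-) are skipped. Assumption of this example: repeated
# entries for one name are unioned.
def parse_group_db(text)
  text.each_line.with_object({}) do |line, groups|
    line = line.strip
    next if line.empty? || line.start_with?('#', '+', '-')
    name, _pw, gid, members = line.split(':', -1)
    next if name.nil? || name.empty? || gid.nil? || gid !~ /\A\d+\z/
    list = (members || '').split(',').map(&:strip).reject(&:empty?)
    groups[name] = ((groups[name] || []) | list).sort
  end
end

# Report every group whose NSS view differs from the local file: members that
# are visible only through NSS, and whether the group exists locally at all.
def membership_drift(local_text, nss_text)
  local = parse_group_db(local_text)
  nss = parse_group_db(nss_text)
  nss.each_with_object({}) do |(name, members), drift|
    remote_only = members - (local[name] || [])
    next if local.key?(name) && remote_only.empty?
    drift[name] = { local_group: local.key?(name), remote_only_members: remote_only }
  end
end

membership_drift(LOCAL_GROUP, NSS_GROUP).each { |name, info| puts "#{name}: #{info}" }
```

Every group it reports is one where a lookup through `getent` and a change made with the local useradd suite would disagree about current state. On a real host the two inputs would be the contents of `/etc/group` and the output of `getent group`.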

