The useradd provider can't create/modify/delete users in LDAP but if LDAP is configured on the host where Puppet is running the getpwent function used to obtain the list of current users for the instances method will list both local and LDAP users.
This causes problems when trying to use the resources metatype to purge unmanaged resources on an LDAP-enabled system since userdel will never be able to remove them (even if you wanted it to). This patch overrides the NSS-based getpwent call in the inherited instances method to parse /etc/passwd to ensure all of the users found for useradd are local regardless of the configuration in nsswitch.conf. Signed-off-by: Sean Millichamp <[email protected]> --- lib/puppet/provider/user/useradd.rb | 17 +++++++++++++++++ 1 files changed, 17 insertions(+), 0 deletions(-) diff --git a/lib/puppet/provider/user/useradd.rb b/lib/puppet/provider/user/useradd.rb index ba406cc..e531b4f 100644 --- a/lib/puppet/provider/user/useradd.rb +++ b/lib/puppet/provider/user/useradd.rb @@ -105,5 +105,22 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ end :absent end + + # Override the instances method from NameService + # The useradd set of commands don't work on LDAP users + # so we shouldn't list them via NSS + def self.instances + objects = [] + begin + File.open("/etc/passwd", "r").each do |line| + pwent = line.split(':') + objects << new(:name => pwent[0], :ensure => :present) + end + rescue + self.warning("Unable to open /etc/passwd for parsing. Unable to enumerate local users.") + end + objects + end + end -- 1.7.3.3
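Review bot: in self.instances, `pwent[0]` from every line of /etc/passwd becomes a user resource with no validation, so a blank line or a compat-mode entry beginning with `+` or `-` would produce an instance named "", "+" or "+@netgroup", and a `resources` purge would then run userdel against that name. Skip lines that are empty or whose first field starts with `+` or `-` before calling `new`. `File.open("/etc/passwd", "r").each` also never closes the handle; the block form of File.open or `File.foreach` would. The bare `rescue` catches every StandardError raised inside the loop, including one raised by `new`, and reports it as a failure to open the file while returning a partial list; rescuing the file errors specifically (for example `Errno::ENOENT` and `Errno::EACCES`) would keep the warning accurate. The diffstat shows only useradd.rb changed, so a spec covering an LDAP-enabled host and a passwd file with such lines would be worth adding alongside.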
