On Fri, 2011-02-25 at 13:32 -0800, Jesse Wolfe wrote:
> Sorry that I'm late to the party on this one, but I have some questions.
> groupadd must also have the problem, is that correct?
> And it probably also affects the "pw" provider for BSD?
>
> If so, I think we should remove the getent code entirely and replace
> it with passwd and group file parsing at the shared ancestor.

Jesse,

That is likely true. However, my initial question on that approach is are there other instances in Puppet where user lookups occur for some reason that require results from LDAP or other nsswitch/pw providers (I'm thinking file ownership and maybe ssh_authorized_key users). I don't have any idea how Puppet handles those types of things internally.

Sean

> On Sun, Dec 19, 2010 at 2:52 PM, Sean Millichamp <[email protected]> wrote:
> > The useradd provider can't create/modify/delete users in LDAP but
> > if LDAP is configured on the host where Puppet is running the
> > getpwent function used to obtain the list of current users for
> > the instances method will list both local and LDAP users.
> >
> > This causes problems when trying to use the resources metatype to
> > purge unmanaged resources on an LDAP-enabled system since userdel
> > will never be able to remove them (even if you wanted it to).
> >
> > This patch overrides the NSS-based getpwent call in the inherited
> > instances method to parse /etc/passwd to ensure all of the
> > users found for useradd are local regardless of the configuration
> > in nsswitch.conf.
> >
> > Signed-off-by: Sean Millichamp <[email protected]>
> > --- > > lib/puppet/provider/user/useradd.rb | 17 +++++++++++++++++ > > 1 files changed, 17 insertions(+), 0 deletions(-) > > > > diff --git a/lib/puppet/provider/user/useradd.rb > > b/lib/puppet/provider/user/useradd.rb > > index ba406cc..e531b4f 100644 > > --- a/lib/puppet/provider/user/useradd.rb > > +++ b/lib/puppet/provider/user/useradd.rb 
> > @@ -105,5 +105,22 @@ Puppet::Type.type(:user).provide :useradd, :parent => > > Puppet::Provider::NameServ > > end > > :absent > > end > > + > > + # Override the instances method from NameService > > + # The useradd set of commands don't work on LDAP users > > + # so we shouldn't list them via NSS > > + def self.instances > > + objects = [] > > + begin > > + File.open("/etc/passwd", "r").each do |line| > > + pwent = line.split(':') > > + objects << new(:name => pwent[0], :ensure => :present) > > + end > > + rescue > > + self.warning("Unable to open /etc/passwd for parsing. Unable to > > enumerate local users.") > > + end > > + objects > > + end > > + > > end > > > > -- > > 1.7.3.3 > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Puppet Developers" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group at > > http://groups.google.com/group/puppet-dev?hl=en. > > > > >
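
Review bot: In the `each` loop of `self.instances`, `pwent[0]` from `line.split(':')` becomes a resource name with no check on the line, so a blank line, a comment, or a `+`/`-` compat entry in /etc/passwd would be reported as a present user, and once the resources metatype purges unmanaged users that instance becomes something userdel is asked to remove. Suggest skipping lines that are empty or that do not split into the expected fields before calling `new`. Two smaller points: `File.open("/etc/passwd", "r").each` never closes the handle (`File.foreach` or the block form of `File.open` would), and the bare `rescue` reports every StandardError raised inside the loop as "Unable to open /etc/passwd", so rescuing the open failure specifically would keep the warning accurate.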
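
The distinction this thread turns on, accounts defined in the passwd file versus accounts that NSS also returns from LDAP, can be shown with a short Ruby example that is added here and is not part of the thread or of Puppet's code. The helper names `local_user_names` and `partition_by_source` are hypothetical, and both the passwd text and the NSS name list are constructed sample data.

```ruby
require 'set'

# Constructed passwd(5)-format sample; not taken from a real host.
SAMPLE_PASSWD = <<~PASSWD
  root:x:0:0:root:/root:/bin/bash
  # comment line

  daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
  alice:x:1000:1000:Alice:/home/alice:/bin/bash
  truncated-line
  +@ldapusers::::::
PASSWD

# Constructed stand-in for what NSS enumeration returns on an LDAP-enabled
# host: the three local accounts plus two directory accounts.
SAMPLE_NSS_NAMES = %w[root daemon alice bob carol].freeze

# Hypothetical helper: names of accounts defined in passwd-format text.
def local_user_names(passwd_text)
  names = passwd_text.each_line.map do |line|
    line = line.chomp
    next if line.empty? || line.start_with?('#')
    next if line.start_with?('+', '-')  # NIS compat inclusion/exclusion entries
    fields = line.split(':', -1)        # -1 keeps trailing empty fields
    next unless fields.length == 7      # passwd(5) defines seven fields
    fields[0] unless fields[0].empty?
  end
  names.compact
end

# Hypothetical helper: split an NSS-wide name list into accounts the local
# tools can manage and accounts that exist only in another NSS source.
def partition_by_source(nss_names, passwd_text)
  local = local_user_names(passwd_text).to_set
  nss_names.partition { |name| local.include?(name) }
end

manageable, directory_only = partition_by_source(SAMPLE_NSS_NAMES, SAMPLE_PASSWD)
puts "local: #{manageable.join(', ')}"
puts "directory-only: #{directory_only.join(', ')}"
```

Only the first list is a safe input for purging with userdel; the second is what an NSS-based enumeration adds on an LDAP-enabled host.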
