Hi Rene, I tried to replicate the behavior without luck.
Reading again your email I noticed that you used getent passwd to pull the LDAP data, but that does not guarantee you are pulling from LDAP as it depends on the order in your nsswitch.conf file. Here nsswitch.conf has files before ldap(I created locally auser and agroup as you) $ id auser uid=999(auser) gid=999(auser) groups=999(auser),666(agroup) $ getent passwd auser auser:*:999:999:Some user:/home/auser:/bin/bash Here ldap is before nsswitch.conf (I created in ldap auser and agroup) $ id auser uid=999(auser) gid=*888*(auser) groups=*888*(auser),666(agroup) $ getent passwd auser auser:*:999:*888*:auser test:/home/auser:/bin/bash So the change you see *changed 'agroup,agroup' to 'agroup' *sounds like auser has two agroup groups(with diff gid) and changing to have only one agroup. I might be wrong with this, but the issue should be around there. I've tried to avoid having same groups/users in ldap and locally to avoid similar issues. Hope that helps. On Tue, Mar 2, 2010 at 10:13 AM, Rene <[email protected]> wrote: > Hi Tony > > Thanks for the quick answer. > > Yes the group is defined in the LDAP too with the same GID. And here > the definition: > @user { auser: > comment => 'Some user', > ensure => present, > gid => somegid, > uid => 300, > groups => 'agroup', > home => '/application/home/auser', > shell => '/bin/bash', > require => [ Group['auser'], Group['agroup'] ], > } > > I have no idea what is going wrong..... > > > On Mar 2, 4:53 pm, "Tony G." <[email protected]> wrote: > > Hi Rene, > > > > Couple of things you might check: > > > > Do you have the agroup defined in LDAP too? If so that ldap group might > > have a differente gid as the local one. > > > > How looks the definition of the user in users::db? > > > > > > > > On Tue, Mar 2, 2010 at 8:44 AM, Rene <[email protected]> wrote: > > > On the System we have defined the user auser as: > > > /etc/passwd: > > > auser:x:300:300:auser User:/application/home/auser:/bin/bash > > > /etc/group: > > > agroup:x:126:auser > > > > > So id auser gives: > > > uid=300(auser) gid=300(auser) groups=126(agroup),300(auser) > > > > > In the LDAP we have: > > > #getent passwd auser > > > auser:x:300:300:auser User:/application/home/auser:/bin/bash > > > and > > > #getent group agroup > > > agroup:x:126:auser > > > > > Basically the same definition. > > > > > Now everytime I run puppet I get: > > > notice: //Node[default]/oracle/users::db/User[auser]/groups: groups > > > changed 'agroup,agroup' to 'agroup' > > > This is really strange..... > > > > > Does anybody know what the problem is here. Does Puppet Merge the > > > groups from local and ldap? > > > > > Any hint is appreciated. > > > > > BR, Rene > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "Puppet Users" group. > > > To post to this group, send email to [email protected]. > > > To unsubscribe from this group, send email to > > > [email protected]<puppet-users%[email protected]> > <puppet-users%[email protected]<puppet-users%[email protected]> > > > > > . > > > For more options, visit this group at > > >http://groups.google.com/group/puppet-users?hl=en. > > > > -- > > Tony > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<puppet-users%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- Tony -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
