On Mar 31, 5:55 am, rvlinden <[email protected]> wrote:
> I have a list of virtual users define (like the example below) and the
> same account will be realized on servers where the account will be
> local (/etc/passwd), but also on servers which have local accounts and
> remote accounts (like LDAP and/or AD).
>
> @user {
> "userx":
> ensure => present,
> uid => "500",
> gid => "200",
> groups => "users",
> comment => "User x",
> home => "/home/userx",
> password => "blablabla",
> shell => "/bin/bash",
> managehome => "true",
>
> }
>
> For local accounts, this works fine, but for LDAP/AD enabled servers,
> puppet also wants to change the password and this is not what I want.
>
> Is there a way to skip setting the password for LDAP/AD enabled
> servers ?
>
> NOTE: At this moment I have to change the virtual user definition by
> commenting (out) the password line each time.
On your LDAP-based nodes, try realizing your users this way:
# All virtual users
User<| |> { password => undef }
or this way:
# Specific virtual user
User<| title == 'userx' |> { password => undef }
Or, you could write your declarations differently:
@user {
"userx":
...
password => $i_am_an_ldap_node ? {
'yes' => undef,
default => "blablabla"
}
...
}
Or, you could create a subclass of the class that declares your users,
and in it override all the users' passwords to undef. Then include
that subclass on the ldap-based nodes (either instead of or in
addition to its base class; it doesn't matter).
There are other alternatives, but all of the ones I can think of
introduce duplication into your manifests.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
