Just FYI, I use a fact that checks authconfig --test for ldap enabled. Then I exclude my user base create run in puppet based on the existence if this fact.
For services and apps I include their user account creation in the module managing the service. Therefore they are no effected by the ldap fact. Cheers, Den On 15/06/2011, at 3:57, Jacob Helwig <[email protected]> wrote: > On Tue, 14 Jun 2011 07:45:44 -0700, bradejr wrote: >> >> Our environment (mostly RHEL) uses LDAP for user and group >> administration. Unfortunately, we have some cases where (broken) >> software insists on local users and groups. I'm guessing it's >> checking the files directly instead of using the proper system calls. >> >> Our current process is to create the local user/group matching the >> LDAP entries. How are people handling this case? Puppet won't create >> the user locally, as it sees the user as already existing. We are >> currently using exec to call the local versions of the commands >> (luseradd, lusermod, etc), but that's something of a hack and makes >> for more complex classes. Does anyone have a graceful way to handle >> this in puppet? >> >> Thanks, >> Rob >> > > Seems like it would be reasonable to make an luseradd provider for the > user type along the same lines as the existing useradd one. > > Thanks for already opening a ticket for this! > http://projects.puppetlabs.com/issues/7911 > > -- > Jacob Helwig -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
