Long term we plan to use LDAP or AD, but in the meantime we are
considering using puppet.
Most machines only have 3 to 6 users (admins and developers).
My thought was to fully manage new machines and to use puppet to be able to
disable existing users in pre-existing machines.
Is that a reasonable approach, or is it best to do the work to get user
management completely under puppet for now?
I found an "adduser" function, so I was planning:

base-node
    adduser user-1
    ....
    adduser user-n

for the "fully" managed.
The adduser would look like:

adduser { user-1:
    name => "First Last",
    uid => "1000",
    password => 'Password-hash',
    shell => "/bin/bash",
    groups => ['sudo'],
    sshkeytype => "ssh-dss",
    sshkey => "ssh-key"}

For the "partially" managed I was thinking of using a subset of that, but
when I tried to put the adduser calls in a second base node I got an error
about Duplicate declaration.
The adduser function I am using:
--------------- adduser --------------
define adduser ($name, $uid, $password, $shell, $groups, $sshkeytype,
$sshkey){
    $homedir = $kernel ? {
        'SunOS' => '/export/home',
        default => '/home'
    }
    $username = $title
    user { $username:
        comment => "$name",
        home => "$homedir/$username",
        shell => "$shell",
        uid => $uid,
        gid => $uid,
        managehome => 'true',
        password => "$password",
        groups => $groups
    }
    group { $username:
        gid => "$uid"
    }
    ssh_authorized_key{ $username:
        user => "$username",
        ensure => present,
        type => "$sshkeytype",
        key => "$sshkey",
        name => "$username"
    }
}#add
--------------- adduser --------------
The base node:

node base-web
{
    include ubuntu-openntpd
    import "../functions/adduser.pp"
}
adduser {user1:
    name => "first last",
    uid => "1000",
    password => 'pass-hash',
    shell => "/bin/bash",
    groups => ['sudo'],
    sshkeytype => "ssh-dss",
    sshkey => "key"
}
...
adduser {user-n:
    name => "first last",
    uid => "10##",   # whatever end number
    password => 'pass-hash',
    shell => "/bin/bash",
    groups => ['sudo'],
    sshkeytype => "ssh-dss",
    sshkey => "key"
}
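
One way to cover both the "fully" managed and the "disable only" cases from a single declaration per user, shown as an added example that is not part of the original post. The define `managed_account`, the class `accounts`, the node names and the placeholder hash and key are hypothetical; it assumes Linux hosts with homes under /home.

```puppet
# Added example. managed_account, accounts and the node names are hypothetical.
define managed_account (
  $realname, $uid, $password_hash, $sshkeytype, $sshkey,
  $groups = [],
  $shell  = '/bin/bash',
  $locked = false
) {
  # Assumption: Linux shadow semantics, where a '!' hash blocks password login.
  $real_password = $locked ? { true => '!',          default => $password_hash }
  $real_shell    = $locked ? { true => '/bin/false', default => $shell }
  $key_ensure    = $locked ? { true => 'absent',     default => 'present' }

  group { $title: gid => $uid }
  user { $title:
    ensure     => present,   # account stays, so uid and file ownership survive
    comment    => $realname,
    uid        => $uid,
    gid        => $uid,
    home       => "/home/${title}",
    managehome => true,
    shell      => $real_shell,
    password   => $real_password,
    groups     => $groups,
  }
  # Removes only the entry named $title; hand-added keys under other comments remain.
  ssh_authorized_key { $title:
    ensure => $key_ensure,
    user   => $title,
    type   => $sshkeytype,
    key    => $sshkey,
  }
}
class accounts {             # each account declared exactly once, as virtual
  @managed_account { 'user1':
    realname      => 'First Last',
    uid           => '1000',
    groups        => ['sudo'],
    password_hash => 'PLACEHOLDER-HASH',
    sshkeytype    => 'ssh-rsa',
    sshkey        => 'PLACEHOLDER-KEY',
  }
}
node 'new-web01' {           # fully managed
  include accounts
  realize(Managed_account['user1'])
}
node 'old-web01' {           # pre-existing machine: same declaration, locked
  include accounts
  Managed_account <| title == 'user1' |> { locked => true }
}
```

Because the resource is declared once and only realized or overridden per node, the same title never appears twice in a catalog. On a pre-existing machine the declared `uid` has to match the account's current uid, otherwise Puppet will change it.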