The "." in the dscl command specifies the local directory domain. If you
change that "." in the dscl command to "/Search" it will pickup the OD Users
as well as the local users of the current system.
However, just doing that won't fix the problem since it can then still create a
local account with a UID in the OD UID range. If you do this on the OD master,
then WorkGroup manager will see the UID in the local domain and not reuse it
when creating an OD account. However, when you install macports on a client
system you could have problems, when you next create an account in the OD
master, since WorkGroup Manger won't see the accounts in the local directories
on the clients. For example:
- Highest UID in OD master is 1039.
- Install macports on OD master and macports is created as a local account
with UID 1040.
- Install macports on client A and macports is created as local account UID
1040.
All is still okay. The /Search still only turns up 1039 as the highest UID,
since
macports was created in the local directory of the OD master and the client
doesn't
see that.
- Create a new OD account, it gets UID 1041.
- Install macports on client B, macports created as local account on B with
UID 1042.
- Create another OD account, it gets UID 1042 since WorkGroup Manager can't see
the local directory of client B. Now user with UID 1042 can't log in to
client B.
There might be ways around this but it seems like it would be simpler to first
try to look for free UIDs in the local domain that are below 1000. If there are
none, then maybe create it but issue a warning that it might conflict with
network accounts.
What I'll probably do is pick a UID below 1000 that is unused on any of my
systems, then I'll have puppet use it to create a macports account on all my
systems before upgrading to 2.0.
- David
On Jul 25, 2011, at 4:10 PM, Rainer Müller wrote:
> On 2011-07-26 00:53 , Daniel J. Luke wrote:
>> On Jul 25, 2011, at 6:26 PM, David L Ballenger wrote:
>>> On my laptop, which is connected to my Open Directory domain, my personal
>>> account is set up as a mobile accoun, which means I have an account int the
>>> local domain with a UID of 1025 and macports got an ID of 1026. That meant
>>> that the Open Directory user with that ID (my wife) could no longer log into
>>> her network account using my laptop.
>>
>> So, there was already an OD account with ID 1026 (or did you try to set up
>> your wife's account later, and that failed?)
>>
>> I _think_ getpwuid() should pull in the information from OD (and maybe
>> there's a lion change/bug that is causing the issue?). Certainly the manpage
>> on 10.6 says "These functions obtain information from DirectoryService(8)"
>
> The macports user itself is not being created there, but in the
> portmgr/dmg/postflight script.
>
> The essential command is this one:
>
> ${DSCL} -q . -create /Users/${RUNUSR} UniqueID $(($(${DSCL} . -list
> /Users UniqueID | /usr/bin/awk '{print $2}' | sort -ug | tail -1)+1))
>
> So here we are looking for the greatest ID in use and take the next one.
>
> Could it be that this kind of account is not recognized as we are
> querying "." (the local domain) only?
>
> Rainer
_______________________________________________
macports-dev mailing list
macports-dev@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
