Sorry that I'm late to the party one this one, but I have some questions. groupadd must also have the problem, is that correct? And it probably also affects the "pw" provider for BSD?
If so, I think we should remove the getent code entirely and replace it with passwd and group file parsing at the share ancestor. On Sun, Dec 19, 2010 at 2:52 PM, Sean Millichamp <[email protected]> wrote: > The useradd provider can't create/modify/delete users in LDAP but > if LDAP is configured on the host where Puppet is running the > getpwent function used to obtain the list of current users for > the instances method will list both local and LDAP users. > > This causes problems when trying to use the resources metatype to > purge unmanaged resources on an LDAP-enabled system since userdel > will never be able to remove them (even if you wanted it to). > > This patch overrides the NSS-based getpwent call in the inherited > instances method to parse /etc/passwd to ensure all of the > users found for useradd are local regardless of the configuration > in nsswitch.conf. > > Signed-off-by: Sean Millichamp <[email protected]> > --- > lib/puppet/provider/user/useradd.rb | 17 +++++++++++++++++ > 1 files changed, 17 insertions(+), 0 deletions(-) > > diff --git a/lib/puppet/provider/user/useradd.rb > b/lib/puppet/provider/user/useradd.rb > index ba406cc..e531b4f 100644 > --- a/lib/puppet/provider/user/useradd.rb > +++ b/lib/puppet/provider/user/useradd.rb > @@ -105,5 +105,22 @@ Puppet::Type.type(:user).provide :useradd, :parent => > Puppet::Provider::NameServ > end > :absent > end > + > + # Override the instances method from NameService > + # The useradd set of commands don't work on LDAP users > + # so we shouldn't list them via NSS > + def self.instances > + objects = [] > + begin > + File.open("/etc/passwd", "r").each do |line| > + pwent = line.split(':') > + objects << new(:name => pwent[0], :ensure => :present) > + end > + rescue > + self.warning("Unable to open /etc/passwd for parsing. Unable to > enumerate local users.") > + end > + objects > + end > + > end > > -- > 1.7.3.3 > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-dev?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
