Hi Rene,
I don't think there is a problem if the user is not in ldap.
Run the puppetd with --debug so you can see what command is being issued
before that notice is posted, that might give you a clue of what's doing
puppet.
On Thu, Mar 4, 2010 at 1:15 AM, Rene <rene.zbin...@gmail.com> wrote:
> Hi Tony
>
> Here my investigations for another user:
>
> For our storage user the following happens with puppet:
> notice: //Node[default]/netbackup/netbackup::general/users::storage/
> User[storage]/groups: groups changed 'log,log' to 'log'
>
> The user storage is not in ldap, but the group log. On ldap I have:
> log:*:126:user1,user2,user3,storage,user4
>
> Local I have:
> log:x:126:storage
>
> To get the information i always deleted the ldap or files entry in /
> etc/nsswitch.conf.
>
> I also have:
> only ldap in nsswitch.conf:
> # id storage
> uid=902(storage) gid=902(storage) groups=126(log),902(storage)
> only files in nsswitch.conf:
> id storage
> uid=902(storage) gid=902(storage) groups=126(log),902(storage)
>
> Do you have any other ideas?
>
> Do you think the problem could arise from that the user storage is not
> in ldap?
>
> On Mar 2, 7:50 pm, "Tony G." <tony...@gmail.com> wrote:
> > Hi Rene,
> >
> > I tried to replicate the behavior without luck.
> >
> > Reading again your email I noticed that you used getent passwd to pull
> the
> > LDAP data, but that does not guarantee you are pulling from LDAP as it
> > depends on the order in your nsswitch.conf file.
> >
> > Here nsswitch.conf has files before ldap(I created locally auser and
> agroup
> > as you)
> > $ id auser
> > uid=999(auser) gid=999(auser) groups=999(auser),666(agroup)
> > $ getent passwd auser
> > auser:*:999:999:Some user:/home/auser:/bin/bash
> >
> > Here ldap is before nsswitch.conf (I created in ldap auser and agroup)
> > $ id auser
> > uid=999(auser) gid=*888*(auser) groups=*888*(auser),666(agroup)
> > $ getent passwd auser
> > auser:*:999:*888*:auser test:/home/auser:/bin/bash
> >
> > So the change you see *changed 'agroup,agroup' to 'agroup' *sounds like
> > auser has two agroup groups(with diff gid) and changing to have only one
> > agroup. I might be wrong with this, but the issue should be around
> there.
> >
> > I've tried to avoid having same groups/users in ldap and locally to avoid
> > similar issues.
> >
> > Hope that helps.
> >
> >
> >
> > On Tue, Mar 2, 2010 at 10:13 AM, Rene <rene.zbin...@gmail.com> wrote:
> > > Hi Tony
> >
> > > Thanks for the quick answer.
> >
> > > Yes the group is defined in the LDAP too with the same GID. And here
> > > the definition:
> > > @user { auser:
> > > comment => 'Some user',
> > > ensure => present,
> > > gid => somegid,
> > > uid => 300,
> > > groups => 'agroup',
> > > home => '/application/home/auser',
> > > shell => '/bin/bash',
> > > require => [ Group['auser'], Group['agroup'] ],
> > > }
> >
> > > I have no idea what is going wrong.....
> >
> > > On Mar 2, 4:53 pm, "Tony G." <tony...@gmail.com> wrote:
> > > > Hi Rene,
> >
> > > > Couple of things you might check:
> >
> > > > Do you have the agroup defined in LDAP too? If so that ldap group
> might
> > > > have a differente gid as the local one.
> >
> > > > How looks the definition of the user in users::db?
> >
> > > > On Tue, Mar 2, 2010 at 8:44 AM, Rene <rene.zbin...@gmail.com> wrote:
> > > > > On the System we have defined the user auser as:
> > > > > /etc/passwd:
> > > > > auser:x:300:300:auser User:/application/home/auser:/bin/bash
> > > > > /etc/group:
> > > > > agroup:x:126:auser
> >
> > > > > So id auser gives:
> > > > > uid=300(auser) gid=300(auser) groups=126(agroup),300(auser)
> >
> > > > > In the LDAP we have:
> > > > > #getent passwd auser
> > > > > auser:x:300:300:auser User:/application/home/auser:/bin/bash
> > > > > and
> > > > > #getent group agroup
> > > > > agroup:x:126:auser
> >
> > > > > Basically the same definition.
> >
> > > > > Now everytime I run puppet I get:
> > > > > notice: //Node[default]/oracle/users::db/User[auser]/groups: groups
> > > > > changed 'agroup,agroup' to 'agroup'
> > > > > This is really strange.....
> >
> > > > > Does anybody know what the problem is here. Does Puppet Merge the
> > > > > groups from local and ldap?
> >
> > > > > Any hint is appreciated.
> >
> > > > > BR, Rene
> >
> > > > > --
> > > > > You received this message because you are subscribed to the Google
> > > Groups
> > > > > "Puppet Users" group.
> > > > > To post to this group, send email to puppet-users@googlegroups.com
> .
> > > > > To unsubscribe from this group, send email to
> > > > > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
> <puppet-users%2bunsubscr...@googlegroups.com<puppet-users%252bunsubscr...@googlegroups.com>
> >
> > > <puppet-users%2bunsubscr...@googlegroups.com<puppet-users%252bunsubscr...@googlegroups.com>
> <puppet-users%252bunsubscr...@googlegroups.com<puppet-users%25252bunsubscr...@googlegroups.com>
> >
> >
> > > > > .
> > > > > For more options, visit this group at
> > > > >http://groups.google.com/group/puppet-users?hl=en.
> >
> > > > --
> > > > Tony
> >
> > > --
> > > You received this message because you are subscribed to the Google
> Groups
> > > "Puppet Users" group.
> > > To post to this group, send email to puppet-us...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > > puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
> <puppet-users%2bunsubscr...@googlegroups.com<puppet-users%252bunsubscr...@googlegroups.com>
> >
> > > .
> > > For more options, visit this group at
> > >http://groups.google.com/group/puppet-users?hl=en.
> >
> > --
> > Tony
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com<puppet-users%2bunsubscr...@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
Tony
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
