rvlinden
2011-Mar-31 10:55 UTC
[Puppet Users] Set password for local user account but not for remote accounts in LDAP/AD
I have a list of virtual users define (like the example below) and the
same account will be realized on servers where the account will be
local (/etc/passwd), but also on servers which have local accounts and
remote accounts (like LDAP and/or AD).
@user {
"userx":
ensure => present,
uid => "500",
gid => "200",
groups => "users",
comment => "User x",
home => "/home/userx",
password => "blablabla",
shell => "/bin/bash",
managehome => "true",
}
For local accounts, this works fine, but for LDAP/AD enabled servers,
puppet also wants to change the password and this is not what I want.
Is there a way to skip setting the password for LDAP/AD enabled
servers ?
NOTE: At this moment I have to change the virtual user definition by
commenting (out) the password line each time.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
jcbollinger
2011-Mar-31 15:20 UTC
[Puppet Users] Re: Set password for local user account but not for remote accounts in LDAP/AD
On Mar 31, 5:55 am, rvlinden <rene.vanderlinde...@gmail.com> wrote:> I have a list of virtual users define (like the example below) and the > same account will be realized on servers where the account will be > local (/etc/passwd), but also on servers which have local accounts and > remote accounts (like LDAP and/or AD). > > @user { > "userx": > ensure => present, > uid => "500", > gid => "200", > groups => "users", > comment => "User x", > home => "/home/userx", > password => "blablabla", > shell => "/bin/bash", > managehome => "true", > > } > > For local accounts, this works fine, but for LDAP/AD enabled servers, > puppet also wants to change the password and this is not what I want. > > Is there a way to skip setting the password for LDAP/AD enabled > servers ? > > NOTE: At this moment I have to change the virtual user definition by > commenting (out) the password line each time.On your LDAP-based nodes, try realizing your users this way: # All virtual users User<| |> { password => undef } or this way: # Specific virtual user User<| title == ''userx'' |> { password => undef } Or, you could write your declarations differently: @user { "userx": ... password => $i_am_an_ldap_node ? { ''yes'' => undef, default => "blablabla" } ... } Or, you could create a subclass of the class that declares your users, and in it override all the users'' passwords to undef. Then include that subclass on the ldap-based nodes (either instead of or in addition to its base class; it doesn''t matter). There are other alternatives, but all of the ones I can think of introduce duplication into your manifests. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
rvlinden
2011-Apr-01 14:05 UTC
[Puppet Users] Re: Set password for local user account but not for remote accounts in LDAP/AD
hi john, thanks for your suggestions, i can certainly use the renewed declaration and I will have a look at the way you realized them, Rene -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.