thr3ads.net - Puppet users - [Puppet Users] Adding LDAP users to system group [Jun 2011]

If this information is useful, please help other people find it:
Share via:

Gareth Allen

2011-Jun-14 10:02 UTC

[Puppet Users] Adding LDAP users to system group

Hi all,

All our users are stored in LDAP, but I need to add users to a system
group for sudo rules.  Is there a way to do this without having Puppet
manage the user? For example:
getent passwd gareth.allen
gareth.allen:XXXXXXXXXX:1100:1100:Gareth Allen:/home/gareth.allen:/bin/bash

/etc/group contents:
mysql:x:27:

Now, I need Puppet to do the following:
mysql:x:27:gareth.allen

The only way I can think of doing this is by having Puppet manage
/etc/groups, but I''m a bit nervous of going that route. Does anyone
have any ideas?

Thanks,
Gareth

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

romuald FREBAULT

2011-Jun-20 07:41 UTC

head link

Re: [Puppet Users] Adding LDAP users to system group

hi,

i''m maybe misunderstanding your quetiosn but for me there''s 2
ways doing
thaht:

first with exec

exec {"add_user_to_group":
         command => "usermod -G mysql $user",
         unless => "getent group mysql | grep $user"
        }

this will add mysql as secondary group for $user

or

user {"$user":
        groups => ["primarygroup","mysql"]

        }

this will do the same

but for me, the best would be to handle this by your ldap configuration with
something like this

http://blog.dimaj.net/2010/07/howto-verify-that-a-member-is-part-of-a-secondary-group-in-openldap/


2011/6/14 Gareth Allen <gallen@openworld.co.za>
> Hi all,
>
> All our users are stored in LDAP, but I need to add users to a system
> group for sudo rules.  Is there a way to do this without having Puppet
> manage the user? For example:
> getent passwd gareth.allen
> gareth.allen:XXXXXXXXXX:1100:1100:Gareth Allen:/home/gareth.allen:/bin/bash
>
> /etc/group contents:
> mysql:x:27:
>
> Now, I need Puppet to do the following:
> mysql:x:27:gareth.allen
>
> The only way I can think of doing this is by having Puppet manage
> /etc/groups, but I''m a bit nervous of going that route. Does
anyone
> have any ideas?
>
> Thanks,
> Gareth
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Puppet users - Jun 2011 - Adding LDAP users to system group

[Puppet Users] Adding LDAP users to system group

Re: [Puppet Users] Adding LDAP users to system group