Prevent puppet run from iterating over user from winbind [closed]

asked 2017-06-26 05:05:58 -0600

dpech

updated 2017-06-26 18:26:20 -0600

DarylW

Hi,

I am trying to add an existing node with winbind configured to puppet. The puppet run is iterating over every user object provided from winbind. See example debug output below:

Debug: /User[username]: Provider useradd does not support features libuser; not managing attribute forcelocal
Debug: /User[username]: Provider useradd does not support features manages_solaris_rbac; not managing attribute roles
Debug: /User[username]: Provider useradd does not support features manages_solaris_rbac; not managing attribute auths
Debug: /User[username]: Provider useradd does not support features manages_solaris_rbac; not managing attribute profiles
Debug: /User[username]: Provider useradd does not support features manages_solaris_rbac; not managing attribute keys
Debug: /User[username]: Provider useradd does not support features manages_solaris_rbac; not managing attribute project
Debug: /User[username]: Provider useradd does not support features manages_aix_lam; not managing attribute attributes
Debug: /User[username]: Provider useradd does not support features manages_password_salt; not managing attribute salt
Debug: /User[username]: Provider useradd does not support features manages_password_salt; not managing attribute iterations

Is it possible to prevent puppet from iterating over every ldap user and group object?


Closed for the following reason: "too localized" by dpech
close date 2017-08-22 02:38:59.647198

Comments

Workaround (provided it suits your situation): Configure your directory service to not allow clients to compile a complete list of users. The client computer may only query one specific user.

Kai Burghardt ( 2017-07-08 09:02:42 -0600 )

Unfortunately, this will not work for us.

dpech ( 2017-07-10 01:03:45 -0600 )

No one else facing this scenario?

dpech ( 2017-08-18 01:58:17 -0600 )

Apparently not. I'm just wondering anyway what makes it iterate over the directory. I mean, usually you have to declare explicitly “do this and that”. Is there any PP related puppet code in your scenario that might cause this situation?

Kai Burghardt ( 2017-08-19 07:17:59 -0600 )

I was wondering as well until I finally identified that the resource_facts module (which was just configured for a few servers) was collecting all resources on all servers. This also caused the iteration over LDAP objects. Thank you for leading me in the right direction.

dpech ( 2017-08-22 02:38:31 -0600 )