I am using Puppet to configure Ubuntu machines as LDAP clients, which makes a variety of external users available to my machines, and then attempting to create home directories with SSH keys for some of those users that I have just 'added'. (At this point we are not sharing/ automounting /home.)
The basic order of action is this: - install libnss-ldapd, which depends on/starts nscd/nslcd - install ldap-auth-config & various config files - run auth-client-config, which sets up the PAM config files to include LDAP users (1) - restart nscd (2) - create homedirs for LDAP users If I run these steps manually, at point (1) I can get results from 'getent passwd' that include LDAP users, but I can't su to an LDAP user. If I then restart nscd — it's not enough to just invalidate the cache — I can then su. I have a carefully constructed set of require/notify resources which causes all the right actions to happen, but every time I run Puppet (puppetd --test), I get told the user does not exist: err: //homedirs/Homedirectory[example]/File[/home/example]/ensure: change from absent to directory failed: Could not set directory on ensure: Could not find user example at /etc/puppet/modules/homedirs/ manifests/init.pp:37 At this point though, I *can* su to the example user. If I then run puppet again, it sometimes fails on a second time through, but oddly always works by the third. At point (2) I have a Service resource to restart nscd, and have even caused it to Exec a sleep of up to 15 seconds afterwards - no change. This leads me to wonder if the state of the users that exist is calculated/cached at the beginning of puppet's run, and won't be updated during, if something happens to change the state. Is this likely, and if so, what could I do to work around it? Thanks Craig -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
