On Jul 21, 2010, at 7:29 PM, Douglas Garstang wrote:

> The need for this is driven from the fact that various packages will
> often install a local user. In order to make sure that the IDs of
> any of these local users do not clash with IDs from LDAP users, the
> ldap client configuration needs to be fully deployed first. When the
> RPM adds the user as part of its pre/post install script, and useradd
> calls getpwent, since ldap is already up, the same user id will not
> get re-used.

Slightly OT, but is that any better? Say the last user in LDAP has a UID of 2000. A package creates a new local user and picks 2001 for the UID. Sometime later, you create a new user in LDAP. Since it isn’t aware of any local accounts, it also gets a UID of 2001 and now you have a conflict anyway.

And besides, don’t most of the RPMs create the accounts they need with a specific, low numbered UID, rather than just picking the next available?

FWIW, we started numbering our LDAP users at 1100 to avoid such conflicts.

-- 
Rob McBroom
<http://www.skurfer.com/>
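
An added example, not part of the original thread: a small audit for the conflict described above, where a package-created local account and an LDAP account end up sharing a UID. It assumes both account lists are available as passwd(5)-format text; the sample entries are constructed, and the 1100 floor is the LDAP starting UID mentioned in the reply.

```python
"""Audit passwd-format data for UID clashes between local and LDAP accounts."""

LDAP_UID_MIN = 1100  # LDAP numbering floor taken from the reply above

# Constructed sample data in passwd(5) format; not from a real system.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
appsvc:x:2001:2001:package-created account:/opt/app:/sbin/nologin
"""
LDAP_PASSWD = """\
alice:*:2000:2000:Alice:/home/alice:/bin/bash
bob:*:2001:2001:Bob:/home/bob:/bin/bash
"""


def parse_passwd(text):
    """Return {uid: [names]} from passwd-format text, skipping malformed lines."""
    by_uid = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        by_uid.setdefault(int(fields[2]), []).append(fields[0])
    return by_uid


def audit(local_text, ldap_text, ldap_min=LDAP_UID_MIN):
    """Return (clashes, encroaching): UIDs owned by different names in both
    sources, and local accounts whose UID falls in the LDAP range."""
    local, ldap = parse_passwd(local_text), parse_passwd(ldap_text)
    clashes = {
        uid: {"local": local[uid], "ldap": ldap[uid]}
        for uid in sorted(local.keys() & ldap.keys())
        if set(local[uid]) != set(ldap[uid])
    }
    encroaching = {u: n for u, n in sorted(local.items()) if u >= ldap_min}
    return clashes, encroaching


if __name__ == "__main__":
    clashes, encroaching = audit(LOCAL_PASSWD, LDAP_PASSWD)
    for uid, who in clashes.items():
        print(f"UID {uid} shared: local={who['local']} ldap={who['ldap']}")
    for uid, names in encroaching.items():
        print(f"local {names} uses UID {uid}, inside the LDAP range")
```

A shared UID means files owned by one account are equally owned by the other, so a clash between a service account and a person is worth fixing before either one writes data.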