On Wednesday, February 26, 2014 4:17:05 PM UTC-6, bluethundr wrote:
>
> Hey all,
>
> I've created a puppet module to control LDAP in my environment. The ldap
> packages on both the centos and ubuntu hosts seem to require a user and
> group called 'ldap' (respectively).
>
> in my ldap::install class I have the following defined:
>
> user { "ldap":
> ensure => present,
> }
>
> group { "ldap":
> ensure => present, }
>
>
You may be overthinking this. Certainly on CentOS and probably on Ubuntu,
the standard OpenLDAP packages take care of ensuring the needed user and
group configuration is setup up.
It is not entirely superfluous to manage them in Puppet as well if you're
worried about them being removed later, but do note that the user and group
may have standard UID and GID numbers, respectively, in each distribution,
and that assigning them different ones may cause you grief. Also note that
these are generally a 'system' user and group, and as such they should take
UID and GID numbers in a different (lower) range than than standard users
and groups do.
Note also that your User declaration is probably underspecified. In
addition to declaring it a 'system' user, you should also declare that it
must belong to group 'ldap'. I suspect that doing so will resolve your
problem, though if *not* doing so causes a problem then that constitutes a
minor bug. Feel free to file a ticket.
>
> But on each puppet run after the user and group is created the following
> error occurs:
>
> err: /Stage[main]/Ldap::Install/User[ldap]/ensure: change from absent to
> present failed: Could not create user ldap: Execution of '/usr/sbin/usera
> dd -M ldap' returned 9: useradd: group ldap exists - if you want to add
> this user to that group, use -g.
>
> Is there any way to achieve being able to create this user and group and
> avoid the error on each run thereafter?
>
>
I'm confident that there is. Try adding
system => true
to both the User and the Group declaration, and adding
gid => 'ldap'
to the group declaration. Let us know how it works out.
John
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/7786ab6f-aeb7-4e6d-98dd-1e577883421e%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
