On a Puppet run on a clean Debian install it seems that Puppet will create the `ocfletsencrypt` user as a local system user (since presumably LDAP NSS isn't up yet):

```puppet
user { 'ocfletsencrypt':
  groups     => ['ssl-cert', 'sys'],
  forcelocal => false,
}
```
This is a problem because the uid for `ocfletsencrypt` must match the uid in LDAP, as the `ocfletsencrypt` user is used for updating certificates stored over NFS in a directory owned by the LDAP `ocfletsencrypt` user/uid.

It seems in 80d294b, `forcelocal => false` was added to try to stop this from happening, but evidently it doesn't forbid creating a local user.
Referenced code: puppet/modules/ocf/manifests/ssl/setup.pp, lines 9 to 12 in f54d123
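A check for the condition this issue describes, as an added example that is not part of the original report or the project's code: it compares the uid of an account in a local passwd-format file against the same account in a directory dump and flags a shadowing local entry. The function names, file contents and uid values are constructed for illustration; on a real host the two inputs could come from `getent -s files passwd` and `getent -s ldap passwd`, assuming the NSS source is named `ldap`.

```shell
#!/bin/sh
# Detect a local account that shadows a directory (LDAP) account with a
# different uid. Function names and all sample data are constructed.

# uid_of NAME FILE: print NAME's uid from a passwd-format file, or nothing.
uid_of() {
    awk -F: -v n="$1" '$1 == n { print $3; exit }' "$2"
}

# compare_uid NAME LOCAL_FILE DIRECTORY_FILE
# Prints absent-directory, absent-local, match, or mismatch:<local>:<directory>.
# Returns 1 only on mismatch, the case where NFS file ownership would break.
compare_uid() {
    l_uid=$(uid_of "$1" "$2")
    d_uid=$(uid_of "$1" "$3")
    if [ -z "$d_uid" ]; then
        echo "absent-directory"
    elif [ -z "$l_uid" ]; then
        echo "absent-local"          # desired state: account only in LDAP
    elif [ "$l_uid" = "$d_uid" ]; then
        echo "match"
    else
        echo "mismatch:$l_uid:$d_uid"
        return 1
    fi
}

# Constructed sample inputs (uids are placeholders, not the real values).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ocfletsencrypt:x:998:998::/home/ocfletsencrypt:/usr/sbin/nologin
EOF
cat > "$SAMPLE_DIR/directory" <<'EOF'
ocfletsencrypt:x:20001:20001::/home/ocfletsencrypt:/usr/sbin/nologin
EOF
grep -v '^ocfletsencrypt:' "$SAMPLE_DIR/local" > "$SAMPLE_DIR/clean"

compare_uid ocfletsencrypt "$SAMPLE_DIR/local" "$SAMPLE_DIR/directory" || true
compare_uid ocfletsencrypt "$SAMPLE_DIR/clean" "$SAMPLE_DIR/directory"
```

A `mismatch` result means the local entry takes precedence whenever `files` is listed before the directory source in `nsswitch.conf`, so processes running as that name use the local uid rather than the one that owns the NFS directory.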