On a Puppet run on a clean Debian install it seems that Puppet will create the ocfletsencrypt user as a local system user (since presumably LDAP NSS isn't up yet).
puppet/modules/ocf/manifests/ssl/setup.pp
Lines 9 to 12 in f54d123
This is a problem because the uid for ocfletsencrypt must match the uid in LDAP, as the ocfletsencrypt user is used for updating certificates stored over NFS in a directory owned by the LDAP ocfletsencrypt user/uid.
It seems in 80d294b, forcelocal => false was added to try to stop this from happening, but evidently it doesn't forbid creating a local user.
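
A check for the condition this issue describes, added here as an example and not taken from the issue or the OCF puppet repository: it compares an account's uid in the local passwd database with its uid in the directory and flags a local copy that disagrees. The helper names uid_of and check_shadow are hypothetical, and the uids and the exampleuser account are constructed sample values.

```sh
#!/bin/sh
# Added example: inputs are passwd-format files so the check runs offline.
# On a live host they could come from `getent -s files passwd` and
# `getent -s ldap passwd` (the NSS service name "ldap" is an assumption;
# it depends on nsswitch.conf).

# uid_of NAME FILE: print the uid field for NAME, or nothing if NAME is absent.
uid_of() {
    awk -F: -v name="$1" '$1 == name { print $3; exit }' "$2"
}

# check_shadow NAME LOCAL_FILE LDAP_FILE
# Prints a verdict and returns non-zero unless the uid the host resolves
# for NAME is confirmed to be the LDAP uid.
check_shadow() {
    local_uid=$(uid_of "$1" "$2")
    ldap_uid=$(uid_of "$1" "$3")
    if [ -z "$local_uid" ] && [ -z "$ldap_uid" ]; then
        echo "absent"; return 1
    elif [ -z "$local_uid" ]; then
        echo "ldap-only"; return 0
    elif [ -z "$ldap_uid" ]; then
        echo "local-only uid=$local_uid"; return 1
    elif [ "$local_uid" = "$ldap_uid" ]; then
        echo "local-copy-same-uid"; return 0
    else
        # The case in this issue: files created by the local uid will not
        # be owned by the LDAP uid that owns the NFS directory.
        echo "mismatch local=$local_uid ldap=$ldap_uid"; return 1
    fi
}

# Constructed sample data: every uid below is made up for illustration.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'ocfletsencrypt:x:998:998::/nonexistent:/usr/sbin/nologin' > "$tmp/local"
printf '%s\n' 'ocfletsencrypt:x:50001:50001::/nonexistent:/bin/false' \
    'exampleuser:x:50002:50002::/home/e/exampleuser:/bin/bash' > "$tmp/ldap"

for user in ocfletsencrypt exampleuser root; do
    printf '%s: %s\n' "$user" "$(check_shadow "$user" "$tmp/local" "$tmp/ldap")"
done
```
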