Skip to content

ocfletsencrypt user can get created as a local user #1263

New issue
New issue
Open
Open
ocfletsencrypt user can get created as a local user#1263
Labels
bug
@ethanwu10

Description

@ethanwu10
ethanwu10
opened on Feb 23, 2022

On a Puppet run on a clean Debian install it seems that Puppet will create the ocfletsencrypt user as a local system user (since presumably LDAP NSS isn't up yet)

puppet/modules/ocf/manifests/ssl/setup.pp

Lines 9 to 12 in f54d123

user { 'ocfletsencrypt':
groups => ['ssl-cert', 'sys'],
forcelocal => false,
}

This is a problem because the uid fo ocfletsencrypt must match the uid in LDAP, as the ocfletsencrypt user is used for updating certificates stored over NFS in a directory owned by the LDAP ocfletsencrypt user/uid.

It seems in 80d294b, forcelocal => false was added to try to stop this from happening, but evidently it doesn't forbid creating a local user.

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions