- From: Jacob Vanderdray <
>
- To:
- Subject: [chef] Re: Re: Locking User Accounts
- Date: Mon, 1 Nov 2010 16:20:52 -0400
Yeah, that was my problem. I'd never actually set a password for the
account so it was effectively locked already. Sorry for the extra email.
Once I set a password, I was able to lock/unlock the account by updating the
data bag entry.
Thanks,
Jake.
On Nov 1, 2010, at 4:17 PM, AJ Christensen wrote:
>
Yo,
>
>
On 1 November 2010 12:41, Jacob Vanderdray
>
<
>
>
wrote:
>
>
I'm working on making the users cookbook work for doing more general
>
user management. I've created a default recipe and I've got it now adding
>
users defined in a data bag (even if they aren't in the sysadmin group). I
>
want to be able to lock accounts, so I've added a "locked" attribute to the
>
data bag entries. I also added the following to my recipe:
>
>
# Lock or unlock the account
>
user u['id'] do
>
if u['locked'] then
>
action :lock
>
else
>
action :unlock
>
end
>
end
>
>
I'm not getting any errors, but when I set the lock attribute to
>
true on an entry and run chef-client in debug mode it reports:
>
>
[Mon, 01 Nov 2010 12:20:30 -0700] DEBUG: No need to lock user[jvanderdray]
>
>
It's (supposed to be) idempotent, so you'd only receive this error when
>
jvanderdray was locked already. What platform are you on? What does the
>
output of `passwd -S jvanderdray` say?
>
>
Regards,
>
>
AJ
Archive powered by MHonArc 2.6.16.