Yeah, that was my problem. I'd never actually set a password for the account so it was effectively locked already. Sorry for the extra email. Once I set a password, I was able to lock/unlock the account by updating the data bag entry.
Thanks,
Jake.
On Nov 1, 2010, at 4:17 PM, AJ Christensen wrote:
> Yo,
>
> On 1 November 2010 12:41, Jacob Vanderdray < "> > wrote:
>
> I'm working on making the users cookbook work for doing more general user management. I've created a default recipe and I've got it now adding users defined in a data bag (even if they aren't in the sysadmin group). I want to be able to lock accounts, so I've added a "locked" attribute to the data bag entries. I also added the following to my recipe:
>
> # Lock or unlock the account
> user u['id'] do
> if u['locked'] then
> action :lock
> else
> action :unlock
> end
> end
>
> I'm not getting any errors, but when I set the lock attribute to true on an entry and run chef-client in debug mode it reports:
>
> [Mon, 01 Nov 2010 12:20:30 -0700] DEBUG: No need to lock user[jvanderdray]
>
> It's (supposed to be) idempotent, so you'd only receive this error when jvanderdray was locked already. What platform are you on? What does the output of `passwd -S jvanderdray` say?
>
> Regards,
>
> AJ
Archive powered by MHonArc 2.6.16.