[chef] Re: Re: Re: Locking User Accounts

Chronological Thread 
  • From: AJ Christensen < >
  • To:
  • Subject: [chef] Re: Re: Re: Locking User Accounts
  • Date: Mon, 1 Nov 2010 13:28:52 -0700


On 1 November 2010 13:20, Jacob Vanderdray < "> > wrote:

       Yeah, that was my problem.  I'd never actually set a password for the account so it was effectively locked already.  Sorry for the extra email.  Once I set a password, I was able to lock/unlock the account by updating the data bag entry.

Dope on a rope. Perhaps quantify the user resource / provider documentation on the wiki?




On Nov 1, 2010, at 4:17 PM, AJ Christensen wrote:

> Yo,
> On 1 November 2010 12:41, Jacob Vanderdray < "> > wrote:
>        I'm working on making the users cookbook work for doing more general user management.  I've created a default recipe and I've got it now adding users defined in a data bag (even if they aren't in the sysadmin group).  I want to be able to lock accounts, so I've added a "locked" attribute to the data bag entries.  I also added the following to my recipe:
>  # Lock or unlock the account
>  user u['id'] do
>    if u['locked'] then
>      action :lock
>    else
>      action :unlock
>    end
>  end
>        I'm not getting any errors, but when I set the lock attribute to true on an entry and run chef-client in debug mode it reports:
> [Mon, 01 Nov 2010 12:20:30 -0700] DEBUG: No need to lock user[jvanderdray]
> It's (supposed to be) idempotent, so you'd only receive this error when jvanderdray was locked already. What platform are you on? What does the output of `passwd -S jvanderdray` say?
> Regards,
> AJ

Archive powered by MHonArc 2.6.16.