[chef] Re: Re: RE: Re: Re: User Management


  • From: Lamont Granquist < >
  • To:
  • Cc: Daniel DeLeo < >
  • Subject: [chef] Re: Re: RE: Re: Re: User Management
  • Date: Wed, 25 Mar 2015 14:27:38 -0700

LDAP issue has been around for a long time:

https://tickets.opscode.com/browse/OHAI-165

Would love to see someone in the community submit an RFC to get everyone to agree to change the default behavior of the Ohai plugin to only enumerate the /etc/{passwd,group,shadow} files themselves directly (on most Unixen that use those files) and to only opt-in to the Etc behavior of enumerating LDAP. I'm saturated and backed up on RFC TODOs as it is.

On 3/25/15 11:59 AM, Daniel DeLeo wrote:

On Wednesday, March 25, 2015 at 11:49 AM, Kevin Keane Subscription wrote:

Just out of curiosity, do you know if ohai actually scans the file, or uses 
the getpwent utility or API to do it?
The difference is that getpwent would also pick up users coming from Active 
Directory, LDAP etc., depending on your nsswitch.conf configuration.

Kevin Keane
The NetTech

Uses Ruby’s Etc module which uses the system calls to get the data. So it 
will have AD/LDAP users if those are configured. For this reason, it’s common 
to disable the plugin in those environments. Ideally we could find a more 
elegant solution to that but there’s kind of a sharp divide between users who 
like to have all ohai data available for search, etc. vs. those who’d prefer 
a more opt-in approach, plus there’s compatibility concerns.

--
Daniel DeLeo
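
The difference discussed in this thread, direct parsing of /etc/passwd versus enumeration through Ruby's Etc module, shown as an added example that is not part of the original messages and is not Ohai's code. The function names and the sample data are constructed for illustration.

```ruby
require 'etc'

PASSWD_FIELDS = %i[name passwd uid gid gecos dir shell].freeze

# Constructed sample of /etc/passwd content (not from the thread).
SAMPLE_PASSWD = <<~EOS
  # local accounts
  root:x:0:0:root:/root:/bin/bash
  daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
  deploy:x:1001:1001::/home/deploy:/bin/bash
  broken:line:without:enough:fields
  +::::::
EOS

# Constructed sample of what NSS enumeration returns when nsswitch.conf
# lists a directory source after "files": local accounts plus directory users.
SAMPLE_NSS = { 'root' => 0, 'daemon' => 1, 'deploy' => 1001,
               'alice' => 20001, 'bob' => 20002 }.freeze

# Parse passwd(5) text directly, with no NSS involved. Returns { name => uid }.
def parse_passwd(text)
  text.each_line.with_object({}) do |line, users|
    parts = line.chomp.split(':', -1)
    next if line.start_with?('#', '+', '-')       # comments, NIS compat entries
    next unless parts.size == PASSWD_FIELDS.size  # malformed line
    next unless parts[2].match?(/\A\d+\z/)        # non-numeric uid
    users[parts[0]] ||= parts[2].to_i             # first match wins
  end
end

# Enumerate through Ruby's Etc module (getpwent), i.e. every NSS source.
def nss_users
  users = {}
  Etc.passwd { |pw| users[pw.name] ||= pw.uid }
  users
end

# Accounts visible through NSS but absent from the local file.
def nss_only(local, enumerated)
  enumerated.reject { |name, _| local.key?(name) }
end

if __FILE__ == $PROGRAM_NAME && File.readable?('/etc/passwd')
  local = parse_passwd(File.read('/etc/passwd'))
  extra = nss_only(local, nss_users)
  puts "local file: #{local.size} accounts, NSS-only: #{extra.size}"
  extra.each { |name, uid| puts "  #{name} (uid #{uid})" }
end
```

Some directory backends do not return all users to enumeration, so an empty NSS-only list does not prove that only local accounts exist on the host.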