Module user : Unable to manage local system user when it exists in LDAP, even if option "local" is set to "yes" #38206

Closed
pierre8778 opened this issue Apr 3, 2018 · 4 comments · Fixed by #51088
Labels
affects_2.4 This issue/PR affects Ansible v2.4 bug This issue/PR relates to a bug. module This issue/PR relates to a module. support:core This issue/PR relates to code supported by the Ansible Engineering Team. system System category

Comments

@pierre8778

ISSUE TYPE
  • Bug Report
COMPONENT NAME

module: user

ANSIBLE VERSION
ansible 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/usr/share/my_modules', u'/local/ansible/data/plugins/custom_modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, May  3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)] 
CONFIGURATION

ANSIBLE_SSH_CONTROL_PATH(/etc/ansible/ansible.cfg) = %(directory)s/%%h-%%r
DEFAULT_CALLBACK_PLUGIN_PATH(/etc/ansible/ansible.cfg) = [u'/usr/share/ansible/plugins/callback', u'/local/ansible/data/plugins/callback']
DEFAULT_CALLBACK_WHITELIST(/etc/ansible/ansible.cfg) = ['timer', 'profile_tasks', 'my_log_plays']
DEFAULT_GATHERING(/etc/ansible/ansible.cfg) = explicit
DEFAULT_KEEP_REMOTE_FILES(env: ANSIBLE_KEEP_REMOTE_FILES) = True
DEFAULT_MANAGED_STR(/etc/ansible/ansible.cfg) = #! ANSIBLE MANAGED: {file} modified by {uid} on {host} !#
DEFAULT_MODULE_PATH(/etc/ansible/ansible.cfg) = [u'/usr/share/my_modules', u'/local/ansible/data/plugins/custom_modules']
DEFAULT_REMOTE_TMP(/etc/ansible/ansible.cfg) = /tmp/.ansible-${USER}/tmp
HOST_KEY_CHECKING(/etc/ansible/ansible.cfg) = False
RETRY_FILES_SAVE_PATH(/etc/ansible/ansible.cfg) = /tmp/.ansible-e821580-retry

OS / ENVIRONMENT

Ansible server : RHEL 7.4
Managed servers: RHEL 6.x and 7.x

SUMMARY

Unable to manage (add/remove) a local system user when it exists in LDAP, even if option "local" is set to "yes"

STEPS TO REPRODUCE
  • Configure a managed server to use an LDAP source alongside the /etc/passwd file to authenticate users
  • Create a user "testUser" in your LDAP
  • Try to create the same user but in the local /etc/passwd file of your managed server with Ansible :
- name: Test creation of local user
  hosts: TEST
  become: True
  gather_facts: False

  tasks:
  - name: Create local user testUser
    user:
      comment: "Test user"
      createhome: true
      name: "testUser"
      password: "xxxxx"
      shell: "/bin/bash"
      state: "present"
      local: true
EXPECTED RESULTS
  • User "testUser" should be present in /etc/passwd file on the target server
ACTUAL RESULTS
  • If no password is set in the module arguments, Ansible reports that the user exists
  • If a password is set for the user to create in module arguments (example above), the user creation fails with rc=3 and error message "User testUser does not exists"
ansible-playbook -i hosts test_luser.yml -Kk

After a quick look at the user module file, I found that the Python function responsible for checking user existence uses pwd.getpwnam(). But this Python function does not distinguish between local and LDAP users. So I wrote a small patch to make this function look for the user to create/remove in /etc/passwd if the "local" argument is set to "yes". The attached ZIP file contains the modified module and a diff patch file.
ansible_user_patch.zip
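
The distinction the report describes, as an added example that is not part of the original issue or its attached patch: `pwd.getpwnam()` answers through NSS (files, LDAP, and so on), while a local-only existence check has to read the passwd file itself. The function names, the constructed sample passwd content and the `FAKE_NSS` table standing in for an LDAP-backed host are assumptions for illustration.

```python
import pwd
import tempfile

# Constructed sample of a local passwd file; "testUser" is deliberately absent.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "svc_backup:x:990:990:Backup:/var/lib/backup:/sbin/nologin\n"
    "+@ldapusers::::::\n"
)
# Hypothetical NSS view of the same host: LDAP additionally serves "testUser".
FAKE_NSS = {"root": 0, "svc_backup": 990, "testUser": 5001}

def local_user_entry(name, passwd_path="/etc/passwd"):
    """Return the 7 passwd fields if `name` is defined in the local file."""
    with open(passwd_path) as fh:
        for line in fh:
            line = line.rstrip("\n")
            # Skip blanks and NSS compat markers (+user, -user, +@netgroup).
            if not line or line[0] in "+-":
                continue
            fields = line.split(":")
            if len(fields) == 7 and fields[0] == name:
                return fields
    return None

def nss_user_exists(name, lookup=pwd.getpwnam):
    """True if any NSS source (files, LDAP, ...) resolves `name`."""
    try:
        lookup(name)
    except KeyError:
        return False
    return True

def classify_user(name, passwd_path="/etc/passwd", lookup=pwd.getpwnam):
    """Distinguish a local account from one visible only through a directory."""
    if local_user_entry(name, passwd_path) is not None:
        return "local"
    return "directory-only" if nss_user_exists(name, lookup) else "absent"

def demo():
    with tempfile.NamedTemporaryFile("w") as tmp:
        tmp.write(SAMPLE_PASSWD)
        tmp.flush()
        return {u: classify_user(u, tmp.name, FAKE_NSS.__getitem__)
                for u in ("root", "testUser", "ghost")}

if __name__ == "__main__":
    print(demo())
```

On a real host, call `classify_user(name)` with the defaults; a "directory-only" result is the case where a lookup through `pwd.getpwnam()` alone would report the account as already existing.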

@ansibot
Contributor

ansibot commented Apr 3, 2018

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.


@ansibot
Contributor

ansibot commented Apr 3, 2018

cc @sfromm

@ansibot ansibot added affects_2.4 This issue/PR affects Ansible v2.4 bug This issue/PR relates to a bug. module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. support:core This issue/PR relates to code supported by the Ansible Engineering Team. labels Apr 3, 2018
@maxamillion maxamillion removed the needs_triage Needs a first human triage before being processed. label Apr 3, 2018
@ansibot
Contributor

ansibot commented May 29, 2018

@samdoran
Contributor

Duplicate of #50947

@samdoran samdoran marked this as a duplicate of #50947 Jan 18, 2019
@ansibot ansibot added the system System category label Feb 19, 2019
@ansible ansible locked and limited conversation to collaborators Jul 25, 2019
4 participants