[FEATURE REQUEST] Allow creation of local users and groups #64256
Assignees
Labels
Milestone
Comments
bluesliverx
added
Feature
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
We manage user accounts and groups via LDAP, except in certain cases where a local account is required as well because of history/legacy/etc. We encountered race conditions where depending on if the LDAP user management was configured yet, the users and groups would not be created since they already existed in LDAP, but since they didn't exist on the local user database, processes would fail. We needed a way to be able to force creation of local users and groups
Describe the solution you'd like
We have created alternate versions of user/group modules that use a
localflag to determine if local variants of system commands to manage user/groups (e.g.luseradd) were used or not.Describe alternatives you've considered
Changing the Salt state ordering was not the right solution for us, since LDAP user management was often initialized before Salt was even bootstrapped in our environments. Additionally, machines could transition to different roles and need users created locally post-machine bootstrap.
Additional context
We engineered a solution with Salt 2018 and have been using it as a patched version of Salt since then. I have taken our changes and merged them with the latest changes in Salt and will be submitting a PR shortly.
The text was updated successfully, but these errors were encountered: