| A user resource configured with forcelocal will still try to sync the comment with the external directory services. It does use the `lusermod` to modify the local `/etc/passwd` to the comment specified in the user resource, but it compares the `in_sync` with the external directory services, meaning that it always updates the comment on catalog compilation. Reproduction:
1. Configure an agent with LDAP
2. Ensure nsswitch.conf has LDAP before `files` for `passwd`
3. Add a user to LDAP with a comment. Below is an example user.
testuser:*:510:10:test:/home/test:/bin/bash
|
4. Apply the following manifest on the agent multiple times and observe that it tries to update the comment every time.
user{'test': |
ensure => present, |
forcelocal => true, |
comment => 'local comment', |
uid => '510', |
gid => '10', |
}
|
Expected Behavior:
The agent should check the local passwd file for the comment as per https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/user/useradd.rb#L58-L72 |
