aborts if one of specified users is visible via other authentication provider

[FlorianHeigl]

scenario

• we have one host which is attached to AD.
• users mary and kitty are visible from AD.
• user joy is not in AD and should be locally created.
• the playbook as entries fro mary, kitty and joy, listing the basic info and

problem

the module looks for directory based users in /etc/passwd and thus gets a bit confused.
it aborts mid-run.

1. it should probably use getent passwd username for those (but not without giving a username, since there might be 1000s of directory based users)
2. it might still try to change those users if the AD GECOS field doesn't match whats specified for the role. makes sense.
3. it will currently not manage to add the ssh keys etc. for user joy.
4. it will report no changes (everything is already deployed)

it seems to me that 3) should still be working.

use cases

a setup like this can be considered a "recommended practice":

• you will likely have AD-based auth for devs and end users of a system
• you will likely have local accounts for the ops staff since they should be able to log on if there's a directory issue.

footnote

yes, if i specific different user lists for the AD-based and not AD-based systems i will avoid this. unless i'd still like to use the role to deploy their keys. and i'm not sure if it should not be able to complete for user "joy"