added forcelocal option

[hanej]

Adding the forcelocal option so the OS doesn't try to update LDAP when making user or group changes. The resource collector was added to the init.pp manifest so when creating local accounts, the group is created first.

[hanej]

Darn. I see the circular dependency. The use case I'm trying to solve is when there is a group in LDAP and you're trying to create that same group locally. Without the forcelocal option applied, the user gets created, knows the group exists in LDAP, and stops. Then the group class kicks in, sees the group isn't local and tries to do a groupmod which fails.

Using forcelocal fixes that problem but when using manage_group: false for the user, the group has to be created first otherwise the user creation fails.

[hanej]

I'm stuck. This works for my use case where I'm trying to create a local version of a single LDAP group. I see in gpasswd it's trying to create the group and add the user in one shot however at this point the user doesn't exist. When the user does get created it gets added to the correct group.

Warning: Modifying bolt => Execution of '/usr/bin/gpasswd -a bolt bolt' returned 3: gpasswd: user 'bolt' does not exist
Notice: /Stage[main]/Accounts/Accounts::Group[bolt]/Group[bolt]/ensure: created
Notice: /Stage[main]/Accounts/Accounts::User[bolt]/User[bolt]/ensure: created

Here's my hiera

accounts::groups:
  bolt:
    gid: 10572
    forcelocal: true

accounts::users:
  bolt:
    home: '/home/bolt'
    uid: 10572
    purge_ssh_keys: true
    manage_ssh_dir: true
    forcelocal: true
    manage_group: false
    groups:
      - 'bolt'