sous-chefs / jenkins

Development repository for the jenkins cookbook
https://supermarket.chef.io/cookbooks/jenkins
Apache License 2.0

option to run jenkins as an ldap created user #395

Open chhsiung opened 9 years ago

chhsiung commented 9 years ago

Hi

I was attempting to get this recipe to run with an LDAP-created user/group called "jenkins". This user and group already exist on the system, so the user and group resources in https://github.com/opscode-cookbooks/jenkins/blob/master/recipes/_master_war.rb#L28 aren't actually necessary. The documentation for these resources says that if the user/group exists, it'll instead attempt to update it. This did not work for me.

An error would occur:

    groupmod jenkins returned 10, expected 0
    ---- Begin output of groupmod jenkins ----
    STDOUT:
    STDERR: groupmod: group 'jenkins' does not exist in /etc/group
    ---- End output of groupmod jenkins ----

I ended up getting around this by disabling LDAP and allowing the recipe to create a local group. Once the local group was created, the recipe worked just fine, even after I re-enabled LDAP.

Is there a better workaround? Should this part (adding user to group) be configurable so you can turn it off in case you are using LDAP to manage your groups?

nkadel-skyhook commented 8 years ago

On most Linux-based systems, using "luseradd", "lusermod", "lgroupadd", and "lgroupmod" in the upstream user configuration tools would allow local accounts and groups to be managed, and updated locally, even if they exist in LDAP already. But that takes a rewrite of Chef's basic upstream "user" and "group" to make them available.

If you're willing, you can work around it the hard way by locally auditing for correct groups and users, and running those commands in your own recipes or resources. But it's extra work, as well.
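The local audit suggested in the comment above could look like the following. This is an added example, not part of the thread or of the cookbook: the helper names (`local_group_names`, `group_origin`, `manage_group_locally?`) are hypothetical, and the sketch assumes a standard group(5) file and a Ruby new enough for `filter_map` (2.7+).

```ruby
require 'etc'

# Default resolver: asks NSS (files, LDAP, SSSD, ...) through getgrnam(3).
NSS_RESOLVER = lambda do |name|
  begin
    Etc.getgrnam(name)
  rescue ArgumentError
    nil # Etc.getgrnam raises when no NSS source knows the group
  end
end

# Names defined in a group(5)-format file. Blank lines, comments and NIS
# compat entries ("+"/"-" prefixes) are skipped: they define nothing locally.
def local_group_names(group_file)
  return [] unless File.readable?(group_file)

  File.readlines(group_file, chomp: true).filter_map do |line|
    next if line.strip.empty? || line.start_with?('#', '+', '-')

    line.split(':', 2).first
  end
end

# :local     -> defined in the group file, so groupmod can update it
# :directory -> resolves through NSS only (e.g. LDAP); this is the case in
#               which groupmod failed with exit status 10 in the report above
# :missing   -> unknown to every source, so creating it locally is safe
def group_origin(name, group_file: '/etc/group', resolver: NSS_RESOLVER)
  return :local if local_group_names(group_file).include?(name)

  resolver.call(name) ? :directory : :missing
end

# Guard for a recipe: use the local group tools only where they can succeed.
def manage_group_locally?(name, **opts)
  group_origin(name, **opts) != :directory
end

if __FILE__ == $PROGRAM_NAME
  name = ARGV.fetch(0, 'jenkins')
  puts "#{name}: #{group_origin(name)}"
end
```

In a wrapper recipe, `manage_group_locally?('jenkins')` can serve as the condition for declaring the `group` resource at all, so a directory-provided group is left untouched.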

chhsiung commented 8 years ago

I've created a PR, but am working my way through the checklist for actually contributing.