Due to the libc bug Luke made me aware of, Puppet changed somewhere after 0.22.4 to poll all groups on the system rather than querying specific ones.
This patch does some rearranging of the user/group types and posix utils so that the "fast path" of querying a specific user or group is done first, then a reverse lookup is done to check the validity of the result. Only if this reverse lookup produces inconsistent results does it then go through the polling method.
Also some changes to the directoryservice provider were needed to make Mac OS X pass the POSIX unit tests when bound to a remote directory service node. The provider now uses the /Search node (all local and remote nodes) for all querying operations, but defaults to the local node when performing destructive operations.
Two successive commits on github to the 0.24.x branch, the latter after chatting to JJM and realizing the implications of the node change:
http://github.com/nigelkersten/puppet/commit/695f174eb1d228d382aee2be6afcb655d4c31318
http://github.com/nigelkersten/puppet/commit/c1a6adb84ecdcc1c2a2657b4d603c96ae3282125
