First Last Prev Next    This bug is not in your last search results.
Bug 46350 - Remove broken unused script univention-directory-manager-tools/lock_expired_passwords
Remove broken unused script univention-directory-manager-tools/lock_expired_p...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Users
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0
Assigned To: Florian Best
Arvid Requate
:
Depends on: 36215
Blocks:
  Show dependency treegraph
 
Reported: 2018-02-20 18:01 CET by Arvid Requate
Modified: 2021-05-25 16:03 CEST (History)
6 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.171
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2018-02-20 18:01:49 CET 
The script /usr/share/univention-directory-manager-tools/lock_expired_passwords is a leftover from the reverted changes made for Bug 36215 Comment 1. That approach didn't work and was replaced in Bug 36215 Comment 10 by the slapd overlay shadowmax.

The script is not used currently and should be removed for these reasons:

1. In its current state (after the changes for Bug 39817) it leaves the account in an inconsistent state with "locked=1" (i.e. "L" in sambaAcctFlags) but without sambaBadPasswordTime. During the next object.open() the "locked" state gets reset to 0, resulting in confusion in 61_udm-users/25_script_lock_expired_passwords. In contrast, the Python module /usr/share/pyshared/univention/lib/account.py method "lock" does this correctly, if an unlock time is given as parameter.

2. The concept of "locking" is only defined in the context of an account lockout policy configured via samba-tool domain passwordsettings. And the locking would be either a) temporally limited or b) permanent, depending on policy. The user would not have any chance to change his expired password.
Comment 1 Florian Best univentionstaff 2020-07-06 12:08:34 CEST 
Removed the script:

univention-directory-manager-modules (15.0.1-12)
| Bug #46350: remove unused script lock_expired_passwords

changelog-5.0-0.xml
| Bug #46350: add changelog entry
Comment 2 Florian Best univentionstaff 2021-05-25 16:03:17 CEST 
UCS 5.0 has been released:
 https://docs.software-univention.de/release-notes-5.0-0-en.html
 https://docs.software-univention.de/release-notes-5.0-0-de.html

If this error occurs again, please use "Clone This Bug".
First Last Prev Next    This bug is not in your last search results.