Univention Bugzilla – Bug 46350
Remove broken unused script univention-directory-manager-tools/lock_expired_passwords
Last modified: 2021-05-25 16:03:17 CEST
The script /usr/share/univention-directory-manager-tools/lock_expired_passwords is a leftover from the reverted changes made for Bug 36215 Comment 1. That approach didn't work and was replaced in Bug 36215 Comment 10 by the slapd overlay shadowmax. The script is not used currently and should be removed for these reasons: 1. In its current state (after the changes for Bug 39817) it leaves the account in an inconsistent state with "locked=1" (i.e. "L" in sambaAcctFlags) but without sambaBadPasswordTime. During the next object.open() the "locked" state gets reset to 0, resulting in confusion in 61_udm-users/25_script_lock_expired_passwords. In contrast, the Python module /usr/share/pyshared/univention/lib/account.py method "lock" does this correctly, if an unlock time is given as parameter. 2. The concept of "locking" is only defined in the context of an account lockout policy configured via samba-tool domain passwordsettings. And the locking would be either a) temporally limited or b) permanent, depending on policy. The user would not have any chance to change his expired password.
Removed the script: univention-directory-manager-modules (15.0.1-12) | Bug #46350: remove unused script lock_expired_passwords changelog-5.0-0.xml | Bug #46350: add changelog entry
UCS 5.0 has been released: https://docs.software-univention.de/release-notes-5.0-0-en.html https://docs.software-univention.de/release-notes-5.0-0-de.html If this error occurs again, please use "Clone This Bug".