Bug 46351 - Account lockout via LDAP ppolicy not shown in UMC and probably not applied to Kerberos
Status: NEW
Product: UCS
Classification: Unclassified
Component: UMC - Users
Version: UCS 5.0
Hardware: Other Linux
Importance: P3 normal
Assigned To: UMC maintainers
Depends on: 39817
Blocks: 46354
Reported: 2018-02-20 18:26 CET by Arvid Requate
Modified: 2021-05-03 21:34 CEST
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.171


Description Arvid Requate univentionstaff 2018-02-20 18:26:06 CET
In non-Samba/AD domains the temporary account lockout via LDAP ppolicy is not shown in UMC and probably also not applied to Kerberos. Showing it is probably easy, but something more needs to be done to also apply the lockout to Kerberos.

Off the top of my head I guess we need to patch the ppolicy overlay to make a UDM call by running univention.lib.account.lock(unlocktime), where unlocktime is calculated from pwdAccountLockedTime + pwdLockoutDuration.

A similar calling technique can be found in our 0001-password_sync.quilt patch for heimdal (which causes password changes to be communicated to UDM).
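
The unlocktime calculation mentioned in the description, as an added example that is not part of the original report and not Univention's code. The function names are hypothetical, the attribute values are assumed to arrive as strings read from the user's LDAP entry, and the two "no automatic unlock" cases follow the LDAP password policy draft; the block only computes the value and does not call univention.lib.account.lock.

```python
import re
from datetime import datetime, timedelta, timezone

# ppolicy draft: this pwdAccountLockedTime value means "locked until an admin resets it"
PERMANENT_LOCK = "000001010000Z"

_GENERALIZED_TIME = re.compile(
    r"^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})?(\d{2})?(?:[.,](\d+))?(Z|[+-]\d{2}(?:\d{2})?)$"
)


def parse_generalized_time(value):
    """Parse an LDAP GeneralizedTime string into a timezone-aware datetime."""
    match = _GENERALIZED_TIME.match(value)
    if not match:
        raise ValueError("not a GeneralizedTime value: %r" % (value,))
    year, month, day, hour, minute, second, fraction, zone = match.groups()
    if zone == "Z":
        offset = timedelta(0)
    else:
        sign = -1 if zone[0] == "-" else 1
        offset = sign * timedelta(hours=int(zone[1:3]), minutes=int(zone[3:5] or 0))
    moment = datetime(int(year), int(month), int(day), int(hour),
                      int(minute or 0), int(second or 0), tzinfo=timezone(offset))
    if fraction:
        # The fraction applies to the smallest time unit that is present.
        unit = 1 if second else 60 if minute else 3600
        moment += timedelta(seconds=float("0." + fraction) * unit)
    return moment


def lockout_state(locked_time, lockout_duration, now=None):
    """Return (locked, unlocktime); unlocktime is None when there is no automatic unlock."""
    if not locked_time:
        return (False, None)  # attribute absent: the account is not locked
    duration = int(lockout_duration or 0)
    if locked_time == PERMANENT_LOCK or duration == 0:
        return (True, None)   # stays locked until an administrator unlocks it
    unlocktime = parse_generalized_time(locked_time) + timedelta(seconds=duration)
    now = now or datetime.now(timezone.utc)
    return (now < unlocktime, unlocktime)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    print(lockout_state("20180220172606Z", "300"))
    print(lockout_state(PERMANENT_LOCK, "300"))
```

The permanent-lock value has to be checked before parsing, because year 0000 is not representable as a Python datetime.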