Univention Bugzilla – Bug 46351
Account lockout via LDAP ppolicy not shown in UMC and probably not applied to Kerberos
Last modified: 2021-05-03 21:34:08 CEST
In non-Samba/AD domains the temporary account lockout via LDAP ppolicy is not shown in UMC and probably also not applied to Kerberos. Showing it is probably easy, but something more need to be done to also apply the lockout to Kerberos. From the top of my head I guess we need to patch the ppolicy overlay to make an UDM call by running univention.lib.account.lock(unlocktime), where unlocktime is calculated from pwdAccountLockedTime + pwdLockoutDuration. A similar calling technique can be found in our 0001-password_sync.quilt patch for heimdal (which causes password changes to be communicated to UDM).