Univention Bugzilla – Bug 55501
Failure through ppolicy for udm_lock_account action on replica node
Last modified: 2023-01-13 15:50:02 CET
Research from Arvid

When I look into ~/svn/patches/openldap/5.0-0-0-ucs/2.5.11+dfsg-1-errata5.0-1/70_ppolicy_udm_lock.quilt then I think that in case of a lockout event OpenLDAP does the following, which can be simulated manually on the console of the UCS@school replica:

HOME=/ python3 -m univention.lib.account lock \
  --dn "<uid=username,...>" \
  --lock-time "$(date --utc '+%Y%m%d%H%M%SZ')"
Important, if necessary: the lock is also not possible with central users (here cn=users,dc=mydomain,dc=intranet).
bf7110388c | Allow replicas to lockout user accounts
af3730c92f | Advisory
043eb771ea | debian/changelog
ea97d40310 | Advisory update

Package: univention-ldap
Version: 16.0.7-25A~5.0.0.202212301255
Branch: ucs_5.0-0
Scope: errata5.0-2
d9bef5db1b | restart slapd during update (univention-ldap-acl-master.postinst)
dabc0d446d | Advisory update

Package: univention-ldap
Version: 16.0.7-25A~5.0.0.202301021816
Branch: ucs_5.0-0
Scope: errata5.0-2
Verified: * Package update * Functional test * Advisory Ok
<https://errata.software-univention.de/#/?erratum=5.0x533>