Univention Bugzilla – Attachment 9223 Details for
Bug 44867
Self Service "forgot password" does not work in Active Directory domain
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch
44867.patch (text/plain), 2.51 KB, created by
Florian Best
on 2017-09-19 09:04:10 CEST
(
hide
)
Description:
patch
Filename:
MIME Type:
Creator:
Florian Best
Created:
2017-09-19 09:04:10 CEST
Size:
2.51 KB
patch
obsolete
>commit e91b595b0f3541f0846a03e87601bb965421fdef >Author: Stefan Gohmann <gohmann@univention.de> >Date: Thu Sep 14 20:50:42 2017 +0200 > > Bug #44867: Fix password reset for UCS systems joined into a AD domain. > > The following UCR variables need to be set: > - connector/ad/ldap/host: the AD DC FQDN > - ad/reset/username: a username of a AD admin who is allowed to reset a password of a user > - ad/reset/password: a file which contains the password of the AD admin > >diff --git a/management/univention-self-service/umc/python/passwordreset/__init__.py b/management/univention-self-service/umc/python/passwordreset/__init__.py >index a00e40a..956fd39 100644 >--- a/management/univention-self-service/umc/python/passwordreset/__init__.py >+++ b/management/univention-self-service/umc/python/passwordreset/__init__.py >@@ -39,6 +39,7 @@ > from functools import wraps > from ldap.filter import filter_format > import pylibmc >+import subprocess > > from univention.lib.i18n import Translation > from univention.lib.umc import Client, HTTPError, ConnectionError, Unauthorized >@@ -455,9 +456,30 @@ def set_contact_data(self, dn, email, mobile): > MODULE.error("set_contact_data(): {}".format(traceback.format_exc())) > raise > >+ def admember_set_password(self, username, password): >+ ldb_url = ucr.get('connector/ad/ldap/host') >+ reset_username = ucr.get('ad/reset/username') >+ reset_password_file = ucr.get('ad/reset/password') >+ reset_password = open(reset_password_file).readline().strip() >+ cmd = ['samba-tool', 'user', 'setpassword', '--username', reset_username, '--password', reset_password, '--filter', filter_format('samaccountname=%s', (username,)), '--newpassword', password, '-H', 'ldap://%s' % ldb_url] >+ process = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) >+ cmd_out, cmd_err = process.communicate() >+ >+ if cmd_out: >+ MODULE.process("STDOUT: {}".format(cmd_out)) >+ if cmd_err: >+ MODULE.process("STDERR: {}".format(cmd_err)) >+ >+ if process.returncode: >+ MODULE.error("admember_set_password(): failed to set password. Return code: %s" % (process.returncode,)) >+ return False >+ return True >+ > def udm_set_password(self, username, password): >+ user = self.get_udm_user(username=username, admin=True) >+ if 'synced' in user.get('objectFlag') and ucr.is_true('ad/member'): >+ return self.admember_set_password(username, password) > try: >- user = self.get_udm_user(username=username, admin=True) > user["password"] = password > user["pwdChangeNextLogin"] = 0 > user.modify()
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9223">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 44867
:
9207
|
9208
|
9213
|
9214
|
9221
|
9223
|
9225
|
9252