Univention Bugzilla – Attachment 9403 Details for
Bug 46354
S4 Connector does not sync Samba/AD account lockout to LDAP ppolicy lockout
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
s4connector_sync_to_ucs_account_lockout_to_ppolicy_lockout.patch
s4connector_sync_to_ucs_account_lockout_to_ppolicy_lockout.patch (text/plain), 2.29 KB, created by
Arvid Requate
on 2018-02-20 20:48:39 CET
(
hide
)
Description:
s4connector_sync_to_ucs_account_lockout_to_ppolicy_lockout.patch
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2018-02-20 20:48:39 CET
Size:
2.29 KB
patch
obsolete
>diff --git a/services/univention-s4-connector/modules/univention/s4connector/s4/password.py b/services/univention-s4-connector/modules/univention/s4connector/s4/password.py >index 0622a89d4d..603234a6ca 100644 >--- a/services/univention-s4-connector/modules/univention/s4connector/s4/password.py >+++ b/services/univention-s4-connector/modules/univention/s4connector/s4/password.py >@@ -45,6 +45,7 @@ from samba.dcerpc import drsblobs > import heimdal > from ldap.controls import LDAPControl > import traceback >+from univention.admin.handlers.users.user import unmapWindowsFiletime > > class Krb5Context(object): > def __init__(self): >@@ -855,9 +856,10 @@ def lockout_sync_s4_to_ucs(s4connector, key, ucs_object): > return > > modlist = [] >+ extra_modlist = [] > > try: >- ucs_object_attributes = s4connector.lo.get(ucs_object['dn'], ['sambaAcctFlags', 'sambaBadPasswordTime'], required=True) >+ ucs_object_attributes = s4connector.lo.get(ucs_object['dn'], ['sambaAcctFlags', 'sambaBadPasswordTime', 'pwdAccountLockedTime'], required=True) > except ldap.NO_SUCH_OBJECT: > ud.debug(ud.LDAP, ud.WARN, "%s: The UCS object (%s) was not found. The object was removed." % (function_name, ucs_object['dn'])) > return >@@ -878,6 +880,10 @@ def lockout_sync_s4_to_ucs(s4connector, key, ucs_object): > if sambaBadPasswordTime: > ud.debug(ud.LDAP, ud.INFO, "%s: Old sambaBadPasswordTime: %s" % (function_name, sambaBadPasswordTime)) > modlist.append(('sambaBadPasswordTime', sambaBadPasswordTime, badPasswordTime)) >+ >+ pwdAccountLockedTime = ucs_object['attributes'].get('pwdAccountLockedTime', ["0"])[0] >+ lockedTime = unmapWindowsFiletime([badPasswordTime]) >+ extra_modlist.append(('pwdAccountLockedTime', pwdAccountLockedTime, lockedTime)) > else: > if "L" in sambaAcctFlags: > acctFlags = univention.admin.samba.acctFlags(sambaAcctFlags) >@@ -893,6 +899,12 @@ def lockout_sync_s4_to_ucs(s4connector, key, ucs_object): > ud.debug(ud.LDAP, ud.ALL, "%s: modlist: %s" % (function_name, modlist)) > s4connector.lo.lo.modify(ucs_object['dn'], modlist) > >+ if extra_modlist: >+ try: >+ s4connector.lo.lo.modify(ucs_object['dn'], extra_modlist) >+ ud.debug(ud.LDAP, ud.ALL, "%s: modlist: %s" % (function_name, extra_modlist)) >+ except ldap.UNDEFINED_TYPE: # no ppolicy enabled >+ pass > > def lockout_sync_ucs_to_s4(s4connector, key, object): > """
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9403">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 46354
: 9403 |
9404