Attachment 9404 Details for Bug 46354 – s4connector_sync_to_ucs_account_lockout_to_univention_lib_account_lock.patch

[patch] s4connector_sync_to_ucs_account_lockout_to_univention_lib_account_lock.patch

s4connector_sync_to_ucs_account_lockout_to_univention_lib_account_lock.patch (text/plain), 2.40 KB, created by Arvid Requate on 2018-02-20 20:54:08 CET

(hide)

Description:

Filename:

MIME Type:

Creator: Arvid Requate

Created: 2018-02-20 20:54:08 CET

Size: 2.40 KB

patch

obsolete

>diff --git a/services/univention-s4-connector/modules/univention/s4connector/s4/password.py b/services/univention-s4-connector/modules/univention/s4connector/s4/password.py
>index 0622a89d4d..d6ba331d58 100644
>--- a/services/univention-s4-connector/modules/univention/s4connector/s4/password.py
>+++ b/services/univention-s4-connector/modules/univention/s4connector/s4/password.py
>@@ -45,6 +45,8 @@ from samba.dcerpc import drsblobs
> import heimdal
> from ldap.controls import LDAPControl
> import traceback
>+import univention.lib.account
>+from univention.admin.handlers.users.user import unmapWindowsFiletime
> 
> class Krb5Context(object):
> 	def __init__(self):
>@@ -857,7 +859,7 @@ def lockout_sync_s4_to_ucs(s4connector, key, ucs_object):
> 	modlist = []
> 
> 	try:
>-		ucs_object_attributes = s4connector.lo.get(ucs_object['dn'], ['sambaAcctFlags', 'sambaBadPasswordTime'], required=True)
>+		ucs_object_attributes = s4connector.lo.get(ucs_object['dn'], ['sambaAcctFlags', 'sambaBadPasswordTime', 'pwdAccountLockedTime'], required=True)
> 	except ldap.NO_SUCH_OBJECT:
> 		ud.debug(ud.LDAP, ud.WARN, "%s: The UCS object (%s) was not found. The object was removed." % (function_name, ucs_object['dn']))
> 		return
>@@ -866,18 +868,9 @@ def lockout_sync_s4_to_ucs(s4connector, key, ucs_object):
> 
> 	lockoutTime = ucs_object['attributes'].get('lockoutTime', ['0'])[0]
> 	if lockoutTime != "0":
>-		if "L" not in sambaAcctFlags:
>-			acctFlags = univention.admin.samba.acctFlags(sambaAcctFlags)
>-			new_sambaAcctFlags = acctFlags.set('L')
>-			ud.debug(ud.LDAP, ud.PROCESS, "%s: Marking Samba account as locked in OpenLDAP" % (function_name,))
>-			modlist.append(('sambaAcctFlags', sambaAcctFlags, new_sambaAcctFlags))
>-
> 		badPasswordTime = ucs_object['attributes'].get('badPasswordTime', ["0"])[0]
>-		if badPasswordTime != sambaBadPasswordTime:
>-			ud.debug(ud.LDAP, ud.PROCESS, "%s: Copying badPasswordTime from S4: %s" % (function_name, badPasswordTime))
>-			if sambaBadPasswordTime:
>-				ud.debug(ud.LDAP, ud.INFO, "%s: Old sambaBadPasswordTime: %s" % (function_name, sambaBadPasswordTime))
>-			modlist.append(('sambaBadPasswordTime', sambaBadPasswordTime, badPasswordTime))
>+		ud.debug(ud.LDAP, ud.PROCESS, "%s: Marking Samba account as locked in OpenLDAP" % (function_name,))
>+		univention.lib.account.lock(ucs_object['dn'], unmapWindowsFiletime([badPasswordTime]))
> 	else:
> 		if "L" in sambaAcctFlags:
> 			acctFlags = univention.admin.samba.acctFlags(sambaAcctFlags)

Actions: View | Diff

Attachments on bug 46354: 9403 | 9404