commit 3d5a6f88863c49f76d636f8cb41efc333479d100
Author: Julia Bremer <bremer@univention.de>
Date:   Thu Nov 26 13:35:14 2020 +0100

    Bug #52261: If pwcheck is enabled, adding users from ad is rejected, because generated temporary password is not complex enough

diff --git services/univention-ad-connector/modules/univention/connector/__init__.py services/univention-ad-connector/modules/univention/connector/__init__.py
index 3df13958e0..46f0ed14a1 100644
--- services/univention-ad-connector/modules/univention/connector/__init__.py
+++ services/univention-ad-connector/modules/univention/connector/__init__.py
@@ -81,11 +81,27 @@ def make_lower(mlValue):
 	return mlValue
 
 
+password_charsets = [
+	'abcdefghijklmnopqrstuvwxyz',
+	'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
+	'0123456789',
+	'^!\$%&/()=?{[]}+~#-_.:,;<>|\\',
+	]
+
+def generate_strong_password(length=24):
+	pwd = []
+	charset = random.choice(password_charsets)
+	while len(pwd) < length:
+		pwd.append(random.choice(charset))
+		charset = random.choice(list(set(password_charsets) - set([charset])))
+	return "".join(pwd)
+
+
 def set_ucs_passwd_user(connector, key, ucs_object):
 	'''
 	set random password to fulfill required values
 	'''
-	ucs_object['password'] = str(int(random.random() * 100000000)) * 20  # at least 20 characters
+	ucs_object['password'] = generate_strong_password()
 
 
 def check_ucs_lastname_user(connector, key, ucs_object):