diff --git a/management/univention-admingrp-user-passwordreset/conffiles/etc/ldap/slapd.conf.d/65admingrp-user-passwordreset b/management/univention-admingrp-user-passwordreset/conffiles/etc/ldap/slapd.conf.d/65admingrp-user-passwordreset index 9e68a37cd7..08e61d0294 100644 --- a/management/univention-admingrp-user-passwordreset/conffiles/etc/ldap/slapd.conf.d/65admingrp-user-passwordreset +++ b/management/univention-admingrp-user-passwordreset/conffiles/etc/ldap/slapd.conf.d/65admingrp-user-passwordreset @@ -22,6 +22,17 @@ for key in configRegistry.keys(): grouplist.append(configRegistry.get(key)) userfilter = '(&(|(&(objectClass=posixAccount)(objectClass=shadowAccount))(objectClass=univentionMail)(objectClass=sambaSamAccount)(objectClass=simpleSecurityObject)(&(objectClass=person)(objectClass=organizationalPerson)(objectClass=inetOrgPerson)))(!(uidNumber=0))(!(|%s)))' % uidexcludestr +userfilter_lines = [] +i = 0 +n = 1024 +while i < len(userfilter): + try: + j = userfilter[i:i+n].rindex(')') + except: + j = n + userfilter_lines.append(userfilter[i:i+j+1]) + i = i + j + 1 +userfilter = "\n ".join(userfilter_lines) attr_fallback = 'krb5Key,userPassword,sambaPwdCanChange,sambaPwdMustChange,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,pwhistory,sambaPasswordHistory,krb5KDCFlags,krb5KeyVersionNumber,krb5PasswordEnd,shadowMax,shadowLastChange' attrlist = configRegistry.get('ldap/acl/user/passwordreset/attributes', attr_fallback) 
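Review bot: The bare `except:` in the new wrapping loop swallows every error, and its fallback `j = n` cuts the filter at a fixed offset whenever a 1024-character window contains no `)`. In that case the line break falls inside a filter token rather than between components. Presumably that alters or invalidates the filter that keeps `uidNumber=0` and the excluded uids out of the helpdesk password-reset ACL, although how slapd joins continuation lines is not shown here. The loop should catch only the "not found" case and stop template generation instead of emitting a filter it cannot wrap safely. The fence below does this with `rfind`, and the exception type is a placeholder for whatever failure path the template framework expects.

```python
while i < len(userfilter):
    j = userfilter.rfind(')', i, i + n)
    if j == -1:
        # no ')' in this window: a break here would cut inside a filter token
        raise ValueError('userfilter cannot be wrapped at a ")" within %d characters' % n)
    userfilter_lines.append(userfilter[i:j + 1])
    i = j + 1
# … unchanged: userfilter = "\n ".join(userfilter_lines) …
```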
@@ -30,7 +41,8 @@ nestedgroups = configRegistry.is_true('ldap/acl/nestedgroups', False) if grouplist: print('# helpdesk access: grant access to specified groups for password reset') - print('access to dn.sub="%(ldap/base)s" filter="%(userfilter)s" attrs="%(attributelist)s"' % {'ldap/base': configRegistry.get('ldap/base'), 'userfilter': userfilter, 'attributelist': attrlist}) + print('access to dn.sub="%(ldap/base)s" filter="%(userfilter)s"' % {'ldap/base': configRegistry.get('ldap/base'), 'userfilter': userfilter}) + print(' attrs="%(attributelist)s"' % {'attributelist': attrlist}) for dn in grouplist: if nestedgroups: print(' by set="user & [%s]/uniqueMember*" %s' % (dn, access))
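Review bot: The new `print(' attrs="%(attributelist)s"' ...)` line writes `attrlist` into a quoted ACL argument exactly as read from the UCR variable `ldap/acl/user/passwordreset/attributes`, with no validation. A value containing `"` or a line break would end the argument early and could change what the generated password-reset ACL grants; this is inferred, since slapd's parsing is not visible in the hunk. A guard before the print, such as `if '"' in attrlist or '\n' in attrlist:` followed by aborting generation, would close that gap. The attribute list is also not wrapped the way the filter now is, so a long custom list can still produce an over-long line. The leading space deserves a comment, for example `# leading space: continuation line of the "access to" directive`.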