Attachment #9404 for bug #46354

(-)a/services/univention-s4-connector/modules/univention/s4connector/s4/password.py (-12 / +5 lines)

Lines 45-50 from samba.dcerpc import drsblobs	Link Here

import heimdal

import heimdal

from ldap.controls import LDAPControl

from ldap.controls import LDAPControl

import traceback

import traceback

import univention.lib.account

from univention.admin.handlers.users.user import unmapWindowsFiletime

class Krb5Context(object):

class Krb5Context(object):

	def __init__(self):

	def __init__(self):

Lines 857-863 def lockout_sync_s4_to_ucs(s4connector, key, ucs_object):	Link Here

857

	modlist = []

859

	modlist = []

858

860

859

	try:

861

	try:

860

		ucs_object_attributes = s4connector.lo.get(ucs_object['dn'], ['sambaAcctFlags', 'sambaBadPasswordTime'], required=True)

862

		ucs_object_attributes = s4connector.lo.get(ucs_object['dn'], ['sambaAcctFlags', 'sambaBadPasswordTime', 'pwdAccountLockedTime'], required=True)

861

	except ldap.NO_SUCH_OBJECT:

863

	except ldap.NO_SUCH_OBJECT:

862

		ud.debug(ud.LDAP, ud.WARN, "%s: The UCS object (%s) was not found. The object was removed." % (function_name, ucs_object['dn']))

864

		ud.debug(ud.LDAP, ud.WARN, "%s: The UCS object (%s) was not found. The object was removed." % (function_name, ucs_object['dn']))

863

		return

865

		return

Lines 866-883 def lockout_sync_s4_to_ucs(s4connector, key, ucs_object):	Link Here

866

868

867

	lockoutTime = ucs_object['attributes'].get('lockoutTime', ['0'])[0]

869

	lockoutTime = ucs_object['attributes'].get('lockoutTime', ['0'])[0]

868

	if lockoutTime != "0":

870

	if lockoutTime != "0":

869

		if "L" not in sambaAcctFlags:

870

			acctFlags = univention.admin.samba.acctFlags(sambaAcctFlags)

871

			new_sambaAcctFlags = acctFlags.set('L')

872

			ud.debug(ud.LDAP, ud.PROCESS, "%s: Marking Samba account as locked in OpenLDAP" % (function_name,))

873

			modlist.append(('sambaAcctFlags', sambaAcctFlags, new_sambaAcctFlags))

874

875

		badPasswordTime = ucs_object['attributes'].get('badPasswordTime', ["0"])[0]

871

		badPasswordTime = ucs_object['attributes'].get('badPasswordTime', ["0"])[0]

876

		if badPasswordTime != sambaBadPasswordTime:

872

		ud.debug(ud.LDAP, ud.PROCESS, "%s: Marking Samba account as locked in OpenLDAP" % (function_name,))

877

			ud.debug(ud.LDAP, ud.PROCESS, "%s: Copying badPasswordTime from S4: %s" % (function_name, badPasswordTime))

873

		univention.lib.account.lock(ucs_object['dn'], unmapWindowsFiletime([badPasswordTime]))

878

			if sambaBadPasswordTime:

879

				ud.debug(ud.LDAP, ud.INFO, "%s: Old sambaBadPasswordTime: %s" % (function_name, sambaBadPasswordTime))

880

			modlist.append(('sambaBadPasswordTime', sambaBadPasswordTime, badPasswordTime))

881

	else:

874

	else:

882

		if "L" in sambaAcctFlags:

875

		if "L" in sambaAcctFlags:

883

			acctFlags = univention.admin.samba.acctFlags(sambaAcctFlags)

876

			acctFlags = univention.admin.samba.acctFlags(sambaAcctFlags)

Return to bug 46354