Bug 25408 - univention-admingrp-user-passwordreset Installation
univention-admingrp-user-passwordreset Installation
Product: UCS
Classification: Unclassified
Component: LDAP
UCS 3.0
Other Linux
: P5 normal (vote)
: UCS 3.2
Assigned To: Erik Damrose
Felix Botner
: interim-1
: 31980 (view as bug list)
Depends on:
  Show dependency treegraph
Reported: 2011-12-09 17:19 CET by Stefan Gohmann
Modified: 2013-11-19 06:43 CET (History)
4 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2011-12-09 17:19:38 CET
Während der Installation von univention-admingrp-user-passwordreset gibt es die folgende Meldung:
Trigger für univention-config werden verarbeitet ...
univention-admingrp-user-passwordreset (2.0.1-3.18.201111081518) wird eingerichtet ...
Multifile: /etc/ldap/slapd.conf
Object created: cn=User Password Admins,cn=groups,dc=deadlock48,dc=local
unknown module policies/admin_user.

Available Modules are:
Create ldap/acl/user/passwordreset/accesslist/groups/dn
Create ldap/acl/user/passwordreset/protected/uid
Create ldap/acl/user/passwordreset/attributes
Multifile: /etc/ldap/slapd.conf
Restarting ldap server(s).
Comment 1 Tim Petersen univentionstaff 2013-04-05 11:33:30 CEST
Dadurch wird auch die Richtlinie default-user-password-admins nicht angelegt und das Kapitel "http://docs.univention.de/handbuch-3.1-1.html#domain-ldap:Delegation_des_Zuruecksetzens_von_Benutzerpasswoertern" bzw. die Funktion ist so nicht verwendbar.
Comment 2 Tim Petersen univentionstaff 2013-04-05 11:36:01 CEST
Running 95univention-admingrp-user-passwordreset.inst      failed (exitcode: 3)
Comment 3 Moritz Muehlenhoff univentionstaff 2013-05-31 10:43:22 CEST
We will not ship a UCS 3.1-2 release; the next UCS release will be UCS 3.2.

As such, this bug is moved to the new target milestone.
Comment 4 Erik Damrose univentionstaff 2013-07-02 13:35:24 CEST
The joinscript has been updated to work with UCS 3.2. In addition, the default policy created in the joinscript is now applied to the group "User Password Admins" by default.

Fixed in UCS 3.2: univention-admingrp-user-passwordreset 4.0.0-1.20.201307021319
Changelog entry added
Bug 31872 has been created to ensure the small change is reflected in the UCS 3.2 documentation.
Comment 5 Felix Botner univentionstaff 2013-07-05 10:00:50 CEST

# Set default policy for User Password Admins group
udm groups/group modify "$@" \
  --dn "cn=User Password Admins,cn=groups,dc=intra,dc=net" \
  --policy-reference \

dc=intra,dc=net -> $ldap_base
Comment 6 Erik Damrose univentionstaff 2013-07-05 10:11:01 CEST
The hardcoded ldap base has been replaced by the ucr variable value.

Build in 3.2 univention-admingrp-user-passwordreset 4.0.1-1.21.201307051006
Comment 7 Felix Botner univentionstaff 2013-07-05 11:04:32 CEST
OK - a user in the group "User Password Admins" can change other users
     passwords (except Administrator)

OK - Changelog
Comment 8 Philipp Hahn univentionstaff 2013-07-16 08:59:26 CEST
*** Bug 31980 has been marked as a duplicate of this bug. ***
Comment 9 Stefan Gohmann univentionstaff 2013-11-19 06:43:06 CET
UCS 3.2 has been released:

If this error occurs again, please use "Clone This Bug".