Bug 29775 – S4 Connector Konvertierung sambaMaxPwdAge zu Samba4 unterstützt nicht -1

Bug 29775 - S4 Connector Konvertierung sambaMaxPwdAge zu Samba4 unterstützt nicht -1


Summary:	S4 Connector Konvertierung sambaMaxPwdAge zu Samba4 unterstützt nicht -1

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	S4 Connector
Version:	UCS 3.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 3.1-1-errata
Assigned To:	Stefan Gohmann
QA Contact:	Arvid Requate

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2012-12-12 12:59 CET by Arvid Requate
Modified:	2013-05-30 10:28 CEST (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2012-12-12 12:59:41 CET

Der S4 Connector erkennt nicht den speziellen Wert "-1" in sambaMaxPwdAge und konvertiert ihn zu

maxPwdAge: 10000000

was vermutlich dann (pwdLastSet - 1) Sekunden bedeutet..



+++ This bug was initially created as a clone of Bug #29772 +++

root@master23:~# univention-ldapsearch -xLLL objectclass=sambadomain
dn: sambaDomainName=ARUCS31I23,cn=samba,dc=arucs31i23,dc=qa
sambaDomainName: ARUCS31I23
sambaSID: S-1-5-21-1429084368-1943113508-3274989293
objectClass: sambaDomain
objectClass: univentionObject
univentionObjectType: settings/sambadomain
sambaNextUserRid: 1000
sambaNextGroupRid: 1000
sambaMinPwdLength: 8
sambaPwdHistoryLength: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaRefuseMachinePwdChange: 0
sambaNextRid: 1001
sambaLogonToChgPwd: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1

root@master23:~# samba-tool domain passwordsettings show
Password informations for domain 'DC=arucs31i23,DC=qa'

Password complexity: on
Store plaintext passwords: off
Password history length: 0
Minimum password length: 8
Minimum password age (days): 0
Maximum password age (days): 0

root@master23:~# univention-s4search -b DC=arucs31i23,DC=qa -s base maxPwdAge
minPwdAge pwdHistoryLength minPwdLength lockoutDuration
lockOutObservationWindow lockoutThreshold forceLogoff 
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_NO_LOGON_SERVERS
# record 1
dn: DC=arucs31i23,DC=qa
forceLogoff: -9223372036854775808
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
minPwdLength: 8
pwdHistoryLength: 0
minPwdAge: 0
maxPwdAge: 10000000
lockoutDuration: -300000000

Comment 1 Stefan Gohmann

2013-05-24 09:32:14 CEST

I think we should map -1 and 0 on UCS side to 0 on AD side since AD does not support -1.

Comment 2 Stefan Gohmann

2013-05-28 13:25:20 CEST

-1 for sambaMaxPwdAge will now be mapped to 0 in Samba 4.

A test case has been added: r40956

3.1-2: 40955

3.1-2 changelog: 40961

3.1-1-errata: r40957

YAML errata: r40960

Comment 3 Arvid Requate

2013-05-28 14:36:05 CEST

Verfied:
 * sambaMaxPwdAge=-1 gets converted to maxPwdAge=0.
 * maxPwdAge > 0 gets converted to sambaMaxPwdAge=0.
 * Advisory slightly adjusted (TeX-Markup removed).

Comment 4 Moritz Muehlenhoff

2013-05-30 10:28:22 CEST

http://errata.univention.de/ucs/3.1/115.html