Univention Bugzilla – Bug 39682
password change doesn't work if the password is expired
Last modified: 2015-11-17 12:12:47 CET
The password change module of the self service fails if the password is expired because the authentication fails. One have to pass the new credentials directly in the authentication request.
svn r65092
(server)# udm users/user modify --dn uid=test1,cn=users,dc=uni,dc=dtr --set pwdChangeNextLogin=1 (client)# smbclient -U test1 -L 10.200.3.26 Enter test1's password: session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE (client)# curl -s -H "Content-Type: application/json" -H "Accept-Language: de_DE" -X POST -d '{"username":"test1","password":"test1","email":"test1neu@example.com","mobile":"123"}' http://10.200.3.26/univention-self-service/passwordreset/set_contact | json_xs (client)# curl -s -H "Content-Type: application/json" -H "Accept-Language: de_DE" -X POST -d '{"username": "test1", "method": "email"}' http://10.200.3.26/univention-self-service/passwordreset/send_token (server)# PGPASSWORD="$(cat /etc/self-service-db.secret)" pg_dump --data-only --host=localhost --username=selfservice selfservice | grep -A5 "^COPY tokens" (client)# curl -s -H "Content-Type: application/json" -H "Accept-Language: de_DE" -X POST -d '{"username": "test1", "password": "test1neu1", "token": "iS2YUJYEcbC82JJbv7WgtDVsTq3aoLAj3Xpa5vXEt3hi9VpwK5VVKd3NNuMEvyTF"}' http://10.200.3.26/univention-self-service/passwordreset/set_password | json_xs { "message" : "Ihr Passwort wurde erfolgreich geändert.", "result" : null } (client)# smbclient -U test1 -L 10.200.3.26 Enter test1's password: session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE OK: the password was changed Fail: pwdChangeNextLogin was not reset
yep, fixed that typo.
(In reply to Daniel Tröder from comment #2) > OK: the password was changed > Fail: pwdChangeNextLogin was not reset Fixed in r65284.
UCS 4.1 has been released: https://docs.software-univention.de/release-notes-4.1-0-en.html https://docs.software-univention.de/release-notes-4.1-0-de.html If this error occurs again, please use "Clone This Bug".