Bug 42308 - simple authentication/LDAP users cannot change their password via UMC
Status: RESOLVED MOVED
Product: UCS
Classification: Unclassified
Component: UMC - Change password
UCS 4.4
Other Linux
Importance: P5 normal
Assigned To: Florian Best
https://git.knut.univention.de/univen...
Duplicates: 39636
Depends on:
Blocks:
Reported: 2016-09-07 16:31 CEST by Michel Smidt
Modified: 2022-04-21 00:36 CEST

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.137
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): External feedback, Usability
Max CVSS v3 score:
best: Patch_Available+


Attachments
patch (branch fbest/42308-ldap-user-password-change) (2.76 KB, patch)
2017-10-18 14:57 CEST, Florian Best
Description Michel Smidt 2016-09-07 16:31:36 CEST
Currently it is not possible for simple authentication users to reset their passwords via UMC.

Use case:
I created a simple authentication user [1] for a partner of a customer to connect his service to the customer LDAP. 
This service user got an initial password which I sent to the partner, but he cannot reset it via UMC.

[1] http://wiki.univention.de/index.php?title=Cool_Solution_-_LDAP_search_user
Comment 1 Florian Best univentionstaff 2016-11-04 22:48:27 CET
*** Bug 39636 has been marked as a duplicate of this bug. ***
Comment 2 Florian Best univentionstaff 2017-06-28 14:52:05 CEST
There is a Customer ID set so I set the flag "Enterprise Customer affected".
Comment 3 Florian Best univentionstaff 2017-10-18 14:57:41 CEST
Created attachment 9254
patch (branch fbest/42308-ldap-user-password-change)

I created a patch for this: If the regular password changing fails, it is checked if the user is an LDAP-only user (without posix, samba, kerberos). If this is the case, the password is changed via UDM/LDAP. For the change, the user needs "write" LDAP ACL access to his own 'pwhistory' and 'userPassword' attributes.
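
The fallback order described in comment 3, sketched as an added example; this is not the attached patch or Univention's code. The object class names, the sample entries and the injected `regular_change` / `ldap_change` callables are assumptions made for illustration.

```python
# Assumed object classes that mark POSIX, Samba and Kerberos accounts.
FULL_ACCOUNT_CLASSES = {"posixaccount", "sambasamaccount", "krb5principal"}
# Attributes the user must be allowed to write on their own entry (comment 3).
REQUIRED_SELF_WRITE = {"userpassword", "pwhistory"}

# Constructed sample entries, not taken from a real directory.
SERVICE_USER = {"dn": "uid=svc-partner,cn=users,dc=example,dc=test",
                "objectClass": ["top", "person", "simpleSecurityObject", "uidObject"]}
FULL_USER = {"dn": "uid=alice,cn=users,dc=example,dc=test",
             "objectClass": ["top", "person", "posixAccount", "sambaSamAccount",
                             "krb5Principal"]}


class PasswordChangeFailed(Exception):
    """Raised when a change path cannot set the password."""


def is_ldap_only(entry):
    """True when the entry has none of the POSIX/Samba/Kerberos classes."""
    classes = {oc.lower() for oc in entry.get("objectClass", [])}
    return classes.isdisjoint(FULL_ACCOUNT_CLASSES)


def missing_self_write(self_writable):
    """Return the required attributes the user's ACL does not let them write."""
    return REQUIRED_SELF_WRITE - {attr.lower() for attr in self_writable}


def change_password(entry, new_password, regular_change, ldap_change, self_writable):
    """Try the regular path; fall back to LDAP only for LDAP-only users.

    regular_change(dn, password) and ldap_change(dn, password) are hypothetical
    callables supplied by the caller. Returns the name of the path that worked.
    """
    try:
        regular_change(entry["dn"], new_password)
        return "regular"
    except PasswordChangeFailed:
        if not is_ldap_only(entry):
            raise  # full accounts must not bypass the regular mechanism
    missing = missing_self_write(self_writable)
    if missing:
        raise PasswordChangeFailed(
            "no self-write ACL on: " + ", ".join(sorted(missing)))
    ldap_change(entry["dn"], new_password)
    return "ldap"
```

Keeping the fallback behind `is_ldap_only` means accounts with POSIX, Samba or Kerberos data never have only their LDAP password rewritten, which would leave the other credential stores out of sync.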
Comment 4 Stefan Gohmann univentionstaff 2019-01-03 07:17:51 CET
This issue has been filed against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5th of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.