Univention Bugzilla – Bug 42308
simple authentication/LDAP users cannot change their password via UMC
Last modified: 2022-04-21 00:36:07 CEST
Currently it is not possible for simple authentication users to reset their passwords via UMC. Use case: I created a simple authentication user [1] for a partner of a customer to connect his service to the customer LDAP. This service user got an initial password which I send to the partner but he can not reset it via UMC. [1] http://wiki.univention.de/index.php?title=Cool_Solution_-_LDAP_search_user
*** Bug 39636 has been marked as a duplicate of this bug. ***
There is a Customer ID set so I set the flag "Enterprise Customer affected".
Created attachment 9254 [details] patch (branch fbest/42308-ldap-user-password-change) I created a patch for this: If the regular password changing fails, it is checked if the users is a ldap-only user (without posix, samba, kerberos). If this is the case the password is changed via UDM/LDAP. For the change the user needs "write" LDAP ACL access to his own 'pwhistory' and 'userPassword' attributes.
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.