Bug 45287 - 'Account deactivation' and 'Locked login methods' can't be set at once
'Account deactivation' and 'Locked login methods' can't be set at once
Product: UCS
Classification: Unclassified
Component: UMC - User settings
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-2-errata
Assigned To: Florian Best
Daniel Tröder
: 33394 (view as bug list)
Depends on:
Blocks: 45467
  Show dependency treegraph
Reported: 2017-08-30 07:04 CEST by Stefan Gohmann
Modified: 2017-11-21 11:56 CET (History)
5 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.257
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Ticket number: 2017082921000361, 2017112121000315
Bug group (optional): External feedback
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2017-08-30 07:04:33 CEST
If I set 'Account deactivation' to 'All disabled' and 'Locked login methods' to 'Lock all login methods' in one step, the option 'Account deactivation' is set to 'POSIX and Kerberos disabled'.
Comment 1 Florian Best univentionstaff 2017-08-30 10:54:00 CEST
*** Bug 33394 has been marked as a duplicate of this bug. ***
Comment 2 Florian Best univentionstaff 2017-08-30 10:54:11 CEST
*** Bug 24185 has been marked as a duplicate of this bug. ***
Comment 3 Daniel Tröder univentionstaff 2017-09-26 15:25:32 CEST
Made the bug more relevant, because its duplicate Bug #24185 is the reason for Bug #42913, which is an important school bug.
Comment 4 Florian Best univentionstaff 2017-09-26 15:42:11 CEST
The difference which would be correct afterwards:
-shadowExpire: 17449
+shadowExpire: 1
Comment 5 Daniel Tröder univentionstaff 2017-09-26 15:42:38 CEST
Please reactivate (make it fail, not just print an error message) ucs-test-ucsschool/90_ucsschool/216_import-users_delete_variants (around line 156) when this is fixed.
Comment 6 Florian Best univentionstaff 2017-09-26 18:08:50 CEST
The problem was, that sambaAcctFlags was changed multiple times in the modlist and didn't contain the "D" afterwards. I unified the setting of sambaAcctFlags in one central place.

univention-directory-manager-modules (12.0.18-10):
NONE | Bug #45287: Merge branch 'fbest/45287-samba-acct-flags-wrong-after-locked-and-disabled-changed' into 4.2-2
NONE | Bug #45287: the sambaAcctFlags are now correctly set when "locked" and "deactivated" is set at once during modification of user objects

NONE | Bug #45287: Merge branch 'fbest/45287-samba-acct-flags-wrong-after-locked-and-disabled-changed' into 4.2-2
NONE | YAML Bug #45287
Comment 8 Florian Best univentionstaff 2017-09-27 13:57:18 CEST
(In reply to Daniel Tröder from comment #7)
> I think this broke something on memberservers:
> http://jenkins.knut.univention.de:8080/job/UCSschool%204.2/job/UCSschool%204.
> 2%20Multiserver/SambaVersion=s4-school-only-with-memberserver/206/
What exactly are you referring to? All the tests fail because:
Warning: 'univention-samba4-dns' is not configured.
And the system is not correctly joined anymore.
→ This is probably caused by the erratum yesterday: Bug #45439?!
Comment 9 Daniel Tröder univentionstaff 2017-10-09 15:14:24 CEST
OK: code
OK: advisory
OK: test: added (commit c6a7fdca) the ucs-test 61_udm-users/37_user_modification_set_deactivation_and_locked
which fails with u-d-m-modules < 12.0.18-10 and succeeds with u-d-m-modules 12.0.18-10.
Comment 10 Arvid Requate univentionstaff 2017-10-10 13:38:11 CEST
check_errata_for_release says:

[FAIL] changes.valid: Mismatching binary package version: 12.0.18-10A~ != python-univention-directory-manager 12.0.18-11A~ from univention-directory-manager-modules 12.0.18-11A~

I guess the version in the advisory doesn't match the latest changelog/build?
Comment 11 Florian Best univentionstaff 2017-10-10 13:56:55 CEST
Comment 12 Arvid Requate univentionstaff 2017-10-10 15:38:46 CEST
Comment 13 Florian Best univentionstaff 2017-11-21 11:56:31 CET
For the search:
LDAP Error: Constraint violation: sambaAcctFlags: multiple values provided

Reported again,
version/erratalevel: 197
version/patchlevel: 1
version/releasename: Lesum
version/version: 4.2