Bug 45287 – 'Account deactivation' and 'Locked login methods' can't be set at once

Bug 45287 - 'Account deactivation' and 'Locked login methods' can't be set at once


Summary:	'Account deactivation' and 'Locked login methods' can't be set at once

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	UMC - User settings
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.2-2-errata
Assigned To:	Florian Best
QA Contact:	Daniel Tröder

URL:
Keywords:

Duplicates:	33394 (view as bug list)
Depends on:
Blocks:	45467
	Show dependency tree / graph

Reported:	2017-08-30 07:04 CEST by Stefan Gohmann
Modified:	2017-11-21 11:56 CET (History)
CC List:	5 users (show)

See Also:	35515 42947 42913
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.257
Enterprise Customer affected?:	Yes
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2017082921000361, 2017112121000315
Bug group (optional):	External feedback
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Gohmann

2017-08-30 07:04:33 CEST

If I set 'Account deactivation' to 'All disabled' and 'Locked login methods' to 'Lock all login methods' in one step, the option 'Account deactivation' is set to 'POSIX and Kerberos disabled'.

Comment 1 Florian Best

2017-08-30 10:54:00 CEST

*** Bug 33394 has been marked as a duplicate of this bug. ***

Comment 2 Florian Best

2017-08-30 10:54:11 CEST

*** Bug 24185 has been marked as a duplicate of this bug. ***

Comment 3 Daniel Tröder

2017-09-26 15:25:32 CEST

Made the bug more relevant, because its duplicate Bug #24185 is the reason for Bug #42913, which is an important school bug.

Comment 4 Florian Best

2017-09-26 15:42:11 CEST

The difference which would be correct afterwards:
-shadowExpire: 17449
+shadowExpire: 1

Comment 5 Daniel Tröder

2017-09-26 15:42:38 CEST

Please reactivate (make it fail, not just print an error message) ucs-test-ucsschool/90_ucsschool/216_import-users_delete_variants (around line 156) when this is fixed.

Comment 6 Florian Best

2017-09-26 18:08:50 CEST

The problem was, that sambaAcctFlags was changed multiple times in the modlist and didn't contain the "D" afterwards. I unified the setting of sambaAcctFlags in one central place.

univention-directory-manager-modules (12.0.18-10):
NONE | Bug #45287: Merge branch 'fbest/45287-samba-acct-flags-wrong-after-locked-and-disabled-changed' into 4.2-2
NONE | Bug #45287: the sambaAcctFlags are now correctly set when "locked" and "deactivated" is set at once during modification of user objects

univention-directory-manager-modules.yaml:
NONE | Bug #45287: Merge branch 'fbest/45287-samba-acct-flags-wrong-after-locked-and-disabled-changed' into 4.2-2
NONE | YAML Bug #45287

Comment 7 Daniel Tröder

2017-09-27 13:50:51 CEST

I think this broke something on memberservers: http://jenkins.knut.univention.de:8080/job/UCSschool%204.2/job/UCSschool%204.2%20Multiserver/SambaVersion=s4-school-only-with-memberserver/206/

Comment 8 Florian Best

2017-09-27 13:57:18 CEST

(In reply to Daniel Tröder from comment #7)
> I think this broke something on memberservers:
> http://jenkins.knut.univention.de:8080/job/UCSschool%204.2/job/UCSschool%204.
> 2%20Multiserver/SambaVersion=s4-school-only-with-memberserver/206/
What exactly are you referring to? All the tests fail because:
Warning: 'univention-samba4-dns' is not configured.
And the system is not correctly joined anymore.
→ This is probably caused by the erratum yesterday: Bug #45439?!

Comment 9 Daniel Tröder

2017-10-09 15:14:24 CEST

OK: code
OK: advisory
OK: test: added (commit c6a7fdca) the ucs-test 61_udm-users/37_user_modification_set_deactivation_and_locked
which fails with u-d-m-modules < 12.0.18-10 and succeeds with u-d-m-modules 12.0.18-10.

Comment 10 Arvid Requate

2017-10-10 13:38:11 CEST

check_errata_for_release says:

[FAIL] changes.valid: Mismatching binary package version: 12.0.18-10A~4.2.0.201709261808 != python-univention-directory-manager 12.0.18-11A~4.2.0.201710091208 from univention-directory-manager-modules 12.0.18-11A~4.2.0.201710091208

I guess the version in the advisory doesn't match the latest changelog/build?

Comment 11 Florian Best

2017-10-10 13:56:55 CEST

done.

Comment 12 Arvid Requate

2017-10-10 15:38:46 CEST

<http://errata.software-univention.de/ucs/4.2/190.html>

Comment 13 Florian Best

2017-11-21 11:56:31 CET

For the search:
LDAP Error: Constraint violation: sambaAcctFlags: multiple values provided

Reported again,
version/erratalevel: 197
version/patchlevel: 1
version/releasename: Lesum
version/version: 4.2