Bug 47781 – Define cronjob for server password change via UCR

Bug 47781 - Define cronjob for server password change via UCR


Summary:	Define cronjob for server password change via UCR

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Password changes
Version:	UCS 4.3
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.3-2-errata
Assigned To:	Jannik Ahlers
QA Contact:	Philipp Hahn

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2018-09-11 13:51 CEST by Sönke Schwardt-Krummrich
Modified:	2018-10-04 14:27 CEST (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	2: Improvement: Would be a product improvement
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.046
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Security
Max CVSS v3 score:

Attachments
Add UCRV server/password/cron (7.84 KB, patch) 2018-09-11 15:15 CEST, Philipp Hahn	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sönke Schwardt-Krummrich

2018-09-11 13:51:26 CEST

Every night at 1 AM a cronjob calls the script /usr/lib/univention-server/server_password_change (with a jitter of 10min). This time is currently hardcoded and should be customizable via a UCR variable.

Reason: 
This behavior is unfavorable in larger UCS@school environments, since the user imports take several hours and are usually performed at night. There was already a customer where the server password was changed during the user import and the import was aborted with various error messages.

Current workaround: disabling the server password change for the UCS master.

Comment 1 Philipp Hahn

2018-09-11 15:15:21 CEST

Created attachment 9670 [details]
Add UCRV server/password/cron

Comment 2 Jannik Ahlers

2018-10-02 11:07:23 CEST

Successful build
Package: univention-server
Version: 13.0.0-7A~4.3.0.201810021104
Branch: ucs_4.3-0
Scope: errata4.3-2

univention-server (13.0.0-7)
891966e0fa99 | Bug #47781: Make time for password change check configurable

univention-server.yaml
ec5b159385cc | Bug #47781: yaml
891966e0fa99 | Bug #47781: Make time for password change check configurable

I applied philipps patch.

Comment 3 Jannik Ahlers

2018-10-02 17:21:57 CEST

Successful build
Package: univention-server
Version: 13.0.0-8A~4.3.0.201810021718
Branch: ucs_4.3-0
Scope: errata4.3-2

univention-server.yaml
c0402e8197a4 | Bug #47781: yaml
8b8d8926e1f7 | Bug #47781: fix ucr variable descriptions

univention-server (13.0.0-8)
8b8d8926e1f7 | Bug #47781: fix ucr variable descriptions

fixed typos and umlaut encoding.

Comment 4 Philipp Hahn

2018-10-02 18:04:05 CEST

OK: univention-server.yaml
OK: errata-announce -V --only univention-server.yaml

OK: 891966e0fa99 8b8d8926e1f7
OK: apt install univention-role-server-common
OK: ucr info server/password/cron
OK: ucr set server/password/cron='30 17 * * *'
OK: tail -f /var/log/syslog /var/log/univention/server_password_change.log

Comment 5 Arvid Requate

2018-10-04 14:27:49 CEST

<http://errata.software-univention.de/ucs/4.3/262.html>