Bug 47781 - Define cronjob for server password change via UCR
Define cronjob for server password change via UCR
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Password changes
UCS 4.3
Other Linux
: P5 normal (vote)
: UCS 4.3-2-errata
Assigned To: Jannik Ahlers
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-09-11 13:51 CEST by Sönke Schwardt-Krummrich
Modified: 2018-10-04 14:27 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.046
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:


Attachments
Add UCRV server/password/cron (7.84 KB, patch)
2018-09-11 15:15 CEST, Philipp Hahn
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2018-09-11 13:51:26 CEST
Every night at 1 AM a cronjob calls the script /usr/lib/univention-server/server_password_change (with a jitter of 10min). This time is currently hardcoded and should be customizable via a UCR variable.

Reason: 
This behavior is unfavorable in larger UCS@school environments, since the user imports take several hours and are usually performed at night. There was already a customer where the server password was changed during the user import and the import was aborted with various error messages.

Current workaround: disabling the server password change for the UCS master.
Comment 1 Philipp Hahn univentionstaff 2018-09-11 15:15:21 CEST
Created attachment 9670 [details]
Add UCRV server/password/cron
Comment 2 Jannik Ahlers univentionstaff 2018-10-02 11:07:23 CEST
Successful build
Package: univention-server
Version: 13.0.0-7A~4.3.0.201810021104
Branch: ucs_4.3-0
Scope: errata4.3-2

univention-server (13.0.0-7)
891966e0fa99 | Bug #47781: Make time for password change check configurable

univention-server.yaml
ec5b159385cc | Bug #47781: yaml
891966e0fa99 | Bug #47781: Make time for password change check configurable

I applied philipps patch.
Comment 3 Jannik Ahlers univentionstaff 2018-10-02 17:21:57 CEST
Successful build
Package: univention-server
Version: 13.0.0-8A~4.3.0.201810021718
Branch: ucs_4.3-0
Scope: errata4.3-2

univention-server.yaml
c0402e8197a4 | Bug #47781: yaml
8b8d8926e1f7 | Bug #47781: fix ucr variable descriptions

univention-server (13.0.0-8)
8b8d8926e1f7 | Bug #47781: fix ucr variable descriptions

fixed typos and umlaut encoding.
Comment 4 Philipp Hahn univentionstaff 2018-10-02 18:04:05 CEST
OK: univention-server.yaml
OK: errata-announce -V --only univention-server.yaml

OK: 891966e0fa99 8b8d8926e1f7
OK: apt install univention-role-server-common
OK: ucr info server/password/cron
OK: ucr set server/password/cron='30 17 * * *'
OK: tail -f /var/log/syslog /var/log/univention/server_password_change.log
Comment 5 Arvid Requate univentionstaff 2018-10-04 14:27:49 CEST
<http://errata.software-univention.de/ucs/4.3/262.html>