Univention Bugzilla – Bug 48231
sambaNTPassword: NO PASSWORD*** after AD-Takeover from ad/member
Last modified: 2021-05-14 16:38:06 CEST
If an AD-Takeover is performed in an UCS domain that previously had an ad/member connection to the AD domain, the user password attributes in OpenLDAP have special values: * userPassword: {KINIT} * sambaNTPassword: NO PASSWORD********************* * krb5Keys: <generated by users/user from random password> When the S4-Connector is started during the AD-Takeover, it starts with sync_from_ucs. Bug #35540 fixed the rejects that occurred in this situation, by ignoring these "NO PASSWORD" password values. But that still leaves these values in OpenLDAP and that might cause confusion (and possibly issues in special setups). We could improve this by running a resync_from_s4 in AD-Takeover: /usr/share/univention-s4-connector/resync_object_from_s4.py \ --filter '(&(objectClass=user)(!(objectClass=computer))(userAccountControl:1.2.840.113556.1.4.803:=512))' The filter ^^^ is taken from the 'user' section of the S4-Connector mapping.
This issue has been filed against UCS 4.3. UCS 4.3 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.