Univention Bugzilla – Bug 51496
Improve Self-Service error messages
Last modified: 2020-09-16 12:44:47 CEST
The error message "Invalid credentials. Password change failed." or "Ungültige Zugangsdaten. Passwortwechsel fehlgeschlagen" are really missleading if the cause of the error are the two ad ucr variables, which are not set and are recommended using an AD connection. ucr info ad/reset/username ad/reset/username: <empty> ucr info ad/reset/password ad/reset/password: <empty> --------------------- The supposed error message: "The configuration of the password reset service is not complete. The UCR variables "ad/reset/username" and "ad/reset/password" need to be set properly. Please inform an administration." was not shown.
What is the UCR variable ad/member? And what is the univentionObjectFlag attribute of the user where you try to change the password?
The Server is not in ad member mode, but these ucr variables may help? connector/ad/mapping/syncmode: read connector/ad/mapping/user/ignorelist: Administrator,krbtgt,root,pcpatch connector/ad/mapping/user/syncmode: sync
In this forum thread the expected error message works as expected https://help.univention.com/t/15361
(In reply to Erik Damrose from comment #3) > In this forum thread the expected error message works as expected > https://help.univention.com/t/15361 Yes this UCS in AD membermode. This is different to this environment. Here the UCS is not a member, so there is just the AD-connection used.
Experiencing the same issue in a larger environment, but UCRs are already set as following: ~# ucr search ad/reset ad/reset/password: Secret ad/reset/username: Administrator The system is working with ad-connector as following: ~# ucr search connector/ad/mapping/user connector/ad/mapping/user/ignorelist: Administrator,krbtgt,root,pcpatch connector/ad/mapping/user/syncmode: sync connector/ad/mapping/syncmode: read The password-change itself is working fine, if username, old pw, new pw are entered correctly. If the username or old pw is entered wrong or new pw is not long or save enough, the same error-messages come up: (In reply to Christina Scheinig from comment #0) > The error message > "Invalid credentials. Password change failed." > or > "Ungültige Zugangsdaten. Passwortwechsel fehlgeschlagen"
The error message was always "Invalid credentials. Password change failed." without caring if the old or the new password was wrong. The message has been changed to "Changing password failed. The username and/or the old password is not correct." in case the original password was entered wrong. In case the new password does not meet the password complexity criterias the message from the UMC-Server is used, which is e.g. "Changing password failed. The password is too simple.". Comment #0 is invalid. The UCR Variables are only for ad/member systems. And they work if an AD user tries to change its password. univention-management-console (11.0.4-104) 8af988d94658 | Bug #51496: add flag that password changing failed univention-management-console.yaml 8646feb2048c | YAML Bug #51496 univention-self-service.yaml 8646feb2048c | YAML Bug #51496 univention-self-service (4.0.3-38) a15dc432b4ca | Bug #51496: fix error message in case password changing failed
(In reply to Florian Best from comment #6) > The error message was always "Invalid credentials. Password change failed." > without caring if the old or the new password was wrong. > The message has been changed to "Changing password failed. The username > and/or the old password is not correct." in case the original password was > entered wrong. > In case the new password does not meet the password complexity criterias the > message from the UMC-Server is used, which is e.g. "Changing password > failed. The password is too simple.". > > Comment #0 is invalid. The UCR Variables are only for ad/member systems. And > they work if an AD user tries to change its password. These variables had to be set to make self service work on a master which is in sync to an ad server. Without these variables the self service did not work, and the problem was to find out, that these variables had to be set. So therefor a helpful error message would be useful pointing to that missing variables in this kind of scenario if possible.
What I tested: The user is informed that the current credentials were wrong -> OK YAML -> OK -> Verified
<https://errata.software-univention.de/#/?erratum=4.4x749> <https://errata.software-univention.de/#/?erratum=4.4x750>