Univention Bugzilla – Bug 51684
Serverpasswordchange fails on all server roles in case ppolicy is enabled
Last modified: 2020-09-18 13:58:48 CEST
+++ This bug was initially created as a clone of Bug #51676 +++ although the symptoms are comparable to Bug #51676 (permision denied when changing the password using udm-cli) it appears as if there is no relation in the root cause. possible steps to reproduce: - activate ppolicy as documented in https://docs.software-univention.de/handbuch-4.4.html#users:faillog-openldap - trigger server_password_change observation: - changing the password using udm-cli fails by using valid machine credentials - changing the password as root using udm-cli is possible
I have observed the behaviour on all system roles (Master, Backup, Slave, there is no Member in the customer environment). There are no traces that ppolicy has ever triggered on a machine account. Both "pwdFailureTime" and "pwdAccountLockedTime" are only logged for user accounts but not for machine accounts. This was checked on LDAP on the Master as well as on the local LDAP of the Slave. In addition I tried "univention-ldapsearch" successfully on my personal enviroment where I can reproduce the behaviour. If a lock would ever had happened, a successful bind should have reset it.
*** This bug has been marked as a duplicate of bug 51676 ***