Bug 52059 - Backport to UCS 4.4: Serverpasswordchange fails if ppolicy is enabled
Backport to UCS 4.4: Serverpasswordchange fails if ppolicy is enabled
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Password changes
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-6
Assigned To: Florian Best
Felix Botner
:
Depends on: 31907 51676
Blocks: 51684
  Show dependency treegraph
 
Reported: 2020-09-18 13:58 CEST by Nico Gulden
Modified: 2020-10-05 09:05 CEST (History)
12 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.171
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2020071021000427, 2020071621000523
Bug group (optional): Workaround is available
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nico Gulden univentionstaff 2020-09-18 13:58:48 CEST
The bug has been fixed for UCS 5.0. It still happens on UCS 4.4. The fix from UCS 5.0 shall be backported to UCS 4.4.

+++ This bug was initially created as a clone of Bug #51676 +++

Serverpasswordchange fails on memberserver:

Starting server password change (Tue Jul  7 01:08:52 CEST 2020)
Proceeding with regular server password change scheduled for today
...
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-nscd prechange
Permission denied.
run-parts: executing /usr/lib/univention-server/server_password_change.d/50univention-mail-server nochange

univention-nscd prechange is last script in directory. File permissions and ownership is correct. Colleague DirkA has the same problem in different environment. He discovered that the following udm command in /usr/lib/univention-server/server_password_change throws the error.
Comment 1 Florian Best univentionstaff 2020-09-18 14:17:35 CEST

*** This bug has been marked as a duplicate of bug 51676 ***
Comment 2 Felix Botner univentionstaff 2020-09-18 15:08:37 CEST
OK - univention-ldap-server

# before
-> udm computers/memberserver modify  --dn  "cn=member,cn=memberserver,cn=computers,dc=four,dc=four" --binddn "cn=member,cn=memberserver,cn=computers,dc=four,dc=four" --bindpwd univention --set password=univention1
Permission denied.

# after
-> udm computers/memberserver modify  --dn  "cn=member,cn=memberserver,cn=computers,dc=four,dc=four" --binddn "cn=member,cn=memberserver,cn=computers,dc=four,dc=four" --bindpwd univention --set password=univention1
Object modified: cn=member,cn=memberserver,cn=computers,dc=four,dc=four

OK - changelog entry

OK - update
Comment 3 Erik Damrose univentionstaff 2020-10-05 09:05:55 CEST
UCS 4.4-6 has been released:
 https://docs.software-univention.de/release-notes-4.4-6-en.html
 https://docs.software-univention.de/release-notes-4.4-6-de.html

If this error occurs again, please use the "Clone This Bug" option.