Bug 52446 - 35ucs-school-import.inst traceback in password quality check when creating users/ldap "importhttpapi-dc-backup"
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 4.4
Other Linux
: P5 normal
: UCS 4.4-8-errata
Assigned To: Julia Bremer
Max Pohle
: 52706
Depends on: 51994
Blocks: 53339
Reported: 2020-11-30 17:41 CET by Christina Scheinig
Modified: 2021-06-02 17:09 CEST

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.429
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2020112421000492, 2021012621000791
Bug group (optional): Regression
Max CVSS v3 score:


Description Christina Scheinig univentionstaff 2020-11-30 17:41:49 CET
Configure 35ucs-school-import.inst Mon Nov 30 14:37:38 CET 2020
2020-11-30 14:37:38.379475972+01:00 (in joinscript_init)
Creating password for unprivileged LDAP user importhttpapi-dc-backup.
Creating unprivileged LDAP user importhttpapi-dc-backup...
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 219, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/python2.7/dist-packages/univention/admincli/admin.py", line 409, in doit
    out = _doit(arglist)
  File "/usr/lib/python2.7/dist-packages/univention/admincli/admin.py", line 755, in _doit
    dn = object.create()
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 557, in create
    dn = self._create(response=response, serverctrls=serverctrls)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1241, in _create
    al.extend(self._ldap_modlist())
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/ldap.py", line 223, in _ldap_modlist
    self._check_password_complexity(pwhistoryPolicy)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/ldap.py", line 302, in _check_password_complexity
    pwdCheck.check(self['password'], username=self['username'], displayname=self['displayName'])
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 478, in __getitem__
    elif key not in self.__no_default and self.descriptions[key].editable:
KeyError: 'displayName'


First, displayName is very confusing, because a simple authentication account does not have a 'display name'. So maybe looking for 'description'?

So removing the quality check in the default password policy fixed the problem temporarily and the joinscript got finished.
Comment 1 Florian Best univentionstaff 2020-11-30 17:51:54 CET
It's a regression caused by Bug #51994.
Comment 3 Ingo Steuwer univentionstaff 2021-01-25 09:01:54 CET
I think we have two things here:

1. the password generated for importhttpapi-dc-backup doesn't meet the complexity criteria
2. the error message is misleading

We should focus on 1. here, so I change the component.
Comment 4 Arvid Requate univentionstaff 2021-01-27 15:05:11 CET
No, the code is wrong. user/ldap doesn't have a displayName
and thus the check generates the traceback no matter how
complex the password is.
Comment 5 Arvid Requate univentionstaff 2021-01-27 15:06:04 CET
*** Bug 52706 has been marked as a duplicate of this bug. ***
Comment 6 Daniel Tröder univentionstaff 2021-02-11 13:36:46 CET
The part of the join script generating a password not secure enough is handled in Bug 52770.
This bug (52446) will handle the error in UDM.
Comment 9 Erik Damrose univentionstaff 2021-03-03 13:56:57 CET
(In reply to Daniel Tröder from comment #6)
> The part of the join script generating a password not secure enough is
> handled in Bug 52770.

With this done, the 'school customer affected' flag can be removed from this bug.
Comment 10 Julia Bremer univentionstaff 2021-05-18 18:03:40 CEST
Successful build
Package: univention-directory-manager-modules
Version: 14.0.20-11A~4.4.0.202105181748
Branch: ucs_4.4-0
Scope: errata4.4-8
User: jbremer

1e596d4dc2 Bug #52446: yaml
659cd55a3c Bug #52446: Dont evaluate displayname with users/ldap when checking mspolicy complexity

Added the test test/ucs-test/tests/61_udm-users/54_udm_users_ldap_mspolicy
Waiting for test results
Comment 11 Julia Bremer univentionstaff 2021-05-19 08:44:00 CEST
Tests were successful, created merge request 
https://git.knut.univention.de/univention/ucs/-/merge_requests/95
Comment 12 Max Pohle univentionstaff 2021-05-27 11:23:46 CEST
# Tests done

1. Set up the environment (in a 4.8. system):

```
$ ucr set password/quality/mspolicy=true

$ udm policies/pwhistory modify --dn cn=default-settings,cn=pwhistory,cn=users,cn=policies,dc=univention,dc=intranet --set pwQualityCheck=TRUE
```


2. Reproduce the error

```
$ udm users/ldap create --ignore_exists --set username=jdoe2 --set lastname=Doe2  --set password=1test2test3!

Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 219, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/python2.7/dist-packages/univention/admincli/admin.py", line 409, in doit
    out = _doit(arglist)
  File "/usr/lib/python2.7/dist-packages/univention/admincli/admin.py", line 755, in _doit
    dn = object.create()
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 557, in create
    dn = self._create(response=response, serverctrls=serverctrls)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1241, in _create
    al.extend(self._ldap_modlist())
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/ldap.py", line 223, in _ldap_modlist
    self._check_password_complexity(pwhistoryPolicy)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/ldap.py", line 302, in _check_password_complexity
    pwdCheck.check(self['password'], username=self['username'], displayname=self['displayName'])
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 478, in __getitem__
    elif key not in self.__no_default and self.descriptions[key].editable:
KeyError: 'displayName'
```

3. Apply patch and test again

* added test servers to /etc/apt/sources.list
* updated the system (checked that it contained an update of univention-directory-manager-modules)


```
udm users/ldap create --ignore_exists --set username=jdoe2 --set lastname=Doe2  --set password=1test2test3!
WARNING: The object is not going to be created underneath of its default containers.
Object created: uid=jdoe2,dc=univention,dc=intranet
```

> The fix works.
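
The failure mode discussed in this thread, as an added example that is not part of the bug report or of UDM's code: a quality check that reads `displayName` unconditionally fails with `KeyError` on an object type without that property, before the password is ever examined, while a guarded lookup keeps the check enforced for both object types. The `Handler` classes, `check_complexity` and its rules, and `check_before`/`check_after` are simplified, hypothetical stand-ins.

```python
import re

class Handler(object):
    """Simplified stand-in for a UDM object handler (assumption, not UDM code)."""
    descriptions = ()

    def __init__(self, **values):
        self.values = values

    def has_property(self, key):
        return key in self.descriptions

    def __getitem__(self, key):
        if key not in self.descriptions:
            raise KeyError(key)  # the failure the traceback shows for 'displayName'
        return self.values.get(key)

class UsersUser(Handler):
    descriptions = ("username", "password", "displayName")

class UsersLdap(Handler):  # simple authentication account, no displayName
    descriptions = ("username", "password")

def check_complexity(password, username=None, displayname=None):
    """Hypothetical quality rule: 3 of 4 character classes, no name parts."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(classes) < 3:
        raise ValueError("too few character classes")
    tokens = [username or ""] + re.split(r"[\s,.\-_#]+", displayname or "")
    for token in tokens:
        if len(token) >= 3 and token.lower() in password.lower():
            raise ValueError("password contains name part %r" % token)
    return True

def check_before(obj):
    # Unconditional lookup: fails on users/ldap regardless of the password.
    return check_complexity(obj["password"], username=obj["username"],
                            displayname=obj["displayName"])

def check_after(obj):
    # Guarded lookup: displayName is only read when the module defines it.
    displayname = obj["displayName"] if obj.has_property("displayName") else None
    return check_complexity(obj["password"], username=obj["username"],
                            displayname=displayname)
```

With the guard in place the quality check can stay enabled in the password policy, so weak passwords on `users/ldap` accounts are still rejected instead of the check being switched off to get past the traceback.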