Univention Bugzilla – Bug 52706
With complexity checking enabled, UDM throws a traceback when creating a simple authentication User.
Last modified: 2021-01-27 15:06:04 CET
+++ This bug was initially created as a clone of Bug #51994 +++ Currently univention.password.Check doesn't support configuration of standard MS password criteria: https://docs.microsoft.com/de-de/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements We currently use cracklib, which doesn't offer the "minclass" configuration option which e.g. pam_cracklib offers. On the other hand cracklib checks to much, e.g. for palindrom and social security number format. We should provide a way for customers to configure the standard MS password criteria, even if they don't use Samba/AD. And those who do may benefit of this too, because univention.password.Check is used in UDM users/user to check passwords set via UMC/UDM-web or UDM-cli. ===================================================================== With complexity checking enabled, UDM throws a traceback when creating a Simple Authentication User. According to Erik a regression of bug 51994. A simple authentification user has no attribut display name... root@dc0:~ # udm users/ldap create --position cn=users,$(ucr get ldap/base) --set username="authacc3" --set password="univention" Traceback (most recent call last): File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 219, in doit output = univention.admincli.admin.doit(arglist) File "/usr/lib/python2.7/dist-packages/univention/admincli/admin.py", line 409, in doit out = _doit(arglist) File "/usr/lib/python2.7/dist-packages/univention/admincli/admin.py", line 755, in _doit dn = object.create() File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 557, in create dn = self._create(response=response, serverctrls=serverctrls) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1241, in _create al.extend(self._ldap_modlist()) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/ldap.py", line 223, in _ldap_modlist self._check_password_complexity(pwhistoryPolicy) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/ldap.py", line 302, in _check_password_complexity pwdCheck.check(self['password'], username=self['username'], displayname=self['displayName']) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 478, in __getitem__ elif key not in self.__no_default and self.descriptions[key].editable: KeyError: 'displayName'
*** This bug has been marked as a duplicate of bug 52446 ***