Bug 52770 - [fix join script] 35ucs-school-import.inst traceback in password quality check when creating users/ldap "importhttpapi-dc-backup"
Summary: [fix join script] 35ucs-school-import.inst traceback in password quality chec...
Status: CLOSED FIXED
Alias: None
Product: UCS@school
Classification: Unclassified
Component: Import scripts
Version: UCS@school 4.4
Hardware: Other Linux
: P5 normal
Target Milestone: UCS@school 4.4 v8-errata
Assignee: Daniel Tröder
QA Contact: Ole Schwiegert
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-11 13:35 CET by Daniel Tröder
Modified: 2021-02-23 16:14 CET (History)
8 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.429
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2020112421000492, 2021012621000791
Bug group (optional): Regression
Customer ID: 57195
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Tröder univentionstaff 2021-02-11 13:35:37 CET 
In this bug we'll only fix the password complexity of the password generated in the join script.
The error in UDM will be addressed in the original Bug 52446.

=======================================================================

+++ This bug was initially created as a clone of Bug #52446 +++

Configure 35ucs-school-import.inst Mon Nov 30 14:37:38 CET 2020
2020-11-30 14:37:38.379475972+01:00 (in joinscript_init)
Creating password for unprivileged LDAP user importhttpapi-dc-backup.
Creating unprivileged LDAP user importhttpapi-dc-backup...
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 219, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/python2.7/dist-packages/univention/admincli/admin.py", line 409, in doit
    out = _doit(arglist)
  File "/usr/lib/python2.7/dist-packages/univention/admincli/admin.py", line 755, in _doit
    dn = object.create()
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 557, in create
    dn = self._create(response=response, serverctrls=serverctrls)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 1241, in _create
    al.extend(self._ldap_modlist())
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/ldap.py", line 223, in _ldap_modlist
    self._check_password_complexity(pwhistoryPolicy)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/ldap.py", line 302, in _check_password_complexity
    pwdCheck.check(self['password'], username=self['username'], displayname=self['displayName'])
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/__init__.py", line 478, in __getitem__
    elif key not in self.__no_default and self.descriptions[key].editable:
KeyError: 'displayName'


First displayName is much confusing, because a simple authentication accound doe not have a 'display name'. So maybe looking for 'description'?   

So removing the quality check in the default password policy fixed the problem temporarily and the joinscript got finished.
Comment 2 Daniel Tröder univentionstaff 2021-02-18 09:37:17 CET 
The password now includes special, lower and upper case chars and is 50 chars long. This should satisfy any realistic password policy. The actual policy is not analysed.

[4.4] 6ae55f64c Bug #52770: generate password for importhttpapi user/ldap including special chars
[4.4] f0d3ee642 Bug #52770: advisory update

ucs-school-import (17.0.49)
Comment 3 Ole Schwiegert univentionstaff 2021-02-18 09:54:18 CET 
Changelog&Advisory: OK
Fix: OK
Tested on VM: OK
Jenkins: OK
Comment 4 Tobias Wenzel univentionstaff 2021-02-23 16:14:54 CET 
Errata update for UCS@school 4.4 v8 have been released.

https://docs.software-univention.de/changelog-ucsschool-4.4v8-de.html

If this error occurs again, please clone this bug.