Univention Bugzilla – Bug 52910
Unlocking previously Password locked account via PAM authentication not shown in UMC/UDM
Last modified: 2021-05-07 10:40:47 CEST
Unlocking of a user account via PAM login (e.g. ssh) that previously suffered a Password-Lockout (but lockout duration has passed) doesn't unlock the account in UDM. root@dc0:~# udm users/user list --filter username=user1 | egrep "^ +locked:" locked: 1 I guess the only consequence of this is, that it continues to be shown as locked in UMC/UDM, but I'm unsure about this. As a result, the sambaAcctFlags also still show the accout as locked, but that doesn't have any usability consequences if lockout duration in Samba/AD is configured the same as for faillog: root@dc0:~# univention-ldapsearch -LLL uid=user1 userPassword sambaBadPasswordCount krb5KDCFlags sambaAcctFlags sambaBadPasswordTime pwdFailureTime pwdAccountLockedTime | ldapsearch-decode64 dn: uid=user1,cn=users,dc=samltest,dc=intranet sambaBadPasswordCount: 0 userPassword: {crypt}$6$... krb5KDCFlags: 126 sambaBadPasswordTime: 132601428200000000 sambaAcctFlags: [UL ]
This is not a regression of UCS 5, right?