Univention Bugzilla – Bug 53819
computers/windows: LDAP Error: Constraint violation: sambaNTPassword: multiple values provided
Last modified: 2021-09-21 16:19:57 CEST
udm computers/windows create --set name=t47stjpt41 --set password=sgazny72zj --set ntCompatibility=1 LDAP Error: Constraint violation: sambaNTPassword: multiple values provided al=[ ('krb5MaxLife', b'86400'), ('krb5MaxRenew', b'604800'), ('krb5KDCFlags', b'126'), ('krb5KeyVersionNumber', [], b'1'), ('uidNumber', [b'5906']), ('gidNumber', [b'1005']), ('krb5Key', [b'1'], [b'…']), ^ ('sambaNTPassword', b'', b'7E8E5FBC91EC9EA99FF1C6151A321A7E'), ^ ('sambaLMPassword', b'', b''), ^ ('sambaPwdLastSet', b'', b'1632232734'), ('sambaSID', [b'S-1-5-21-4245438275-4092417259-1110414620-12812']), ('sambaAcctFlags', [b'[W ]']), ('displayName', b't47stjpt42'), ('univentionServerRole', b'windows_client'), ('sn', None, b't47stjpt42'), ('cn', b'', b't47stjpt42'), ('homeDirectory', b'', b'/dev/null'), ('loginShell', b'', b'/bin/false'), ('uid', None, b't47stjpt42$'), ('displayName', None, b't47stjpt42'), ('krb5PrincipalName', [], [b'host/t47stjpt42.school.dev@SCHOOL.DEV']), ('krb5Key', [b'1'], [b'…']), ^ ('krb5KeyVersionNumber', [], b'1'), ('userPassword', b'', b'{crypt}$6$m4w.h1uMYDZZdrDP$rlSLzsavAmGkOxzycP1PCo4nQvcYpH3UfyFP22zHOuvyLC7KTv.Vz.KOKZ9OIJXG9mKGj/7cyTGy1RCxuftg70'), ('sambaNTPassword', b'', b'8F0966C60BABC85754CFD72D2075902B'), ^ ('sambaLMPassword', b'', b''), ^ ('sambaPwdLastSet', b'', b'1632232734'), ('objectClass', [b'univentionWindows', b'top', b'univentionHost', b'posixAccount', b'shadowAccount', b'krb5KDCEntry', b'krb5Principal', b'sambaSamAccount', b'person']), ('objectClass', [b'ucsschoolComputer']), ('ucsschoolRole', [b'win_computer:school:-']), ('objectClass', [b'univentionObject']), ('univentionObjectType', [b'computers/windows']) ] "ntCompatibility" and "password" are mutually exclusive. "ntCompatibility" should have precedence over "password" or an error should be raised if both are given.
Simple fix: don't change the password during the modlist but during _ldap_pre_ready() because the _ldap_addlist() already added the original password to the modlist. diff --git management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py index a0ad1fb0d9..f3fd89bb80 100644 --- management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py +++ management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/windows.py @@ -282,11 +282,11 @@ class object(ComputerObject): SAMBA_ACCOUNT_FLAG = 'W' SERVER_ROLE = 'windows_client' - def _ldap_modlist(self): + def _ldap_pre_ready(self): if self.hasChanged('ntCompatibility') and self['ntCompatibility'] == '1': self['password'] = self['name'].replace('$', '').lower() self.modifypassword = 1 - return super(object, self)._ldap_modlist() + return super(object, self)._ldap_pre_ready() def link(self): pass