A service specific Password should be generated via UDM REST API.
We've added the udm rest api call `service-specific-password` which takes the argument of a service it will be used for (only radius for now), generates a random password, returns it and sets in in UDM. This is used for the selfservice. d35a4edbb3 Bug #54438, Bug #54395, Bug #54556, Bug #54555, Bug #54409, Bug #54434: YAML 0760560ca3 Bug #54438: New UDM Rest call "service-specific-password" bf4dcbc4b5 fixup! Bug #54438: New UDM Rest call "service-specific-password" Some additional work from Florian: 1b4d7d5bad YAML Bug #54438 17bb87f4a4 Bug #54438: integrate features into CLI client bf4dcbc4b5 fixup! Bug #54438: New UDM Rest call "service-specific-password" c2b4812e67 Bug #54438: add features for client 7d1bc3ef67 Bug #54438: match the object type from URL
OK: server implementation OK: error handling OK: client implementation FAIL: po-Metadata and i18n-comments were removed from "management/univention-directory-manager-rest/src/univention/admin/rest/de.po" → I fixed it in: 33c0b81924, ... (using `univention-l10n` to update po metadata) OK: API Change univention.admin.property() parameter order ~OK: "show_in_lists" evaluation for excluded properties could be moved upstream (now UDM REST API doesn't expose it, but UDM-UMC module does) FYI: with a "complex" syntax and subtypes for "service" and "password" the UDM REST API could transform the property into a dict and received values back into a list structure. UDM originally can and does only handle lists and strings as property values. OK: out of scope client improvements OK: YAML >>> user.generate_service_specific_password('radius') 'hi7Zozny5v2e7ZwC6MeUBj9P' >>> user.generate_service_specific_password('radius2') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3/dist-packages/univention/admin/rest/client/__init__.py", line 603, in generate_service_specific_password response = self.client.make_request('POST', uri, data={"service": service}) File "/usr/lib/python3/dist-packages/univention/admin/rest/client/__init__.py", line 187, in make_request return doit() File "/usr/lib/python3/dist-packages/univention/admin/rest/client/__init__.py", line 183, in doit data = self.eval_response(response, expect_json=expect_json) File "/usr/lib/python3/dist-packages/univention/admin/rest/client/__init__.py", line 215, in eval_response raise cls(response.status_code, msg, response) univention.admin.rest.client.BadRequest: POST http://localhost/univention/udm/users/user/uid%3D…/service-specific-password: 400 HTTP 400: Bad Request (Service does not support service specific passwords)
<https://errata.software-univention.de/#/?erratum=5.0x257> <https://errata.software-univention.de/#/?erratum=5.0x259>