Bug 55232 - Passwords cannot be synced if no pwhistorylength is defined
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: S4 Connector
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-2-errata
Assigned To: Juan Carlos
QA Contact: Julia Bremer
URL: https://git.knut.univention.de/univen...
Reported: 2022-09-28 17:11 CEST by Julia Bremer
Modified: 2022-10-06 09:49 CEST
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.286
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2022091921000154, 2022092221000344, 2022092621000533
Bug group (optional):
Max CVSS v3 score:
best: Patch_Available+


Attachments
s4connector.patch (1.02 KB, patch)
2022-09-28 17:11 CEST, Julia Bremer

Description Julia Bremer univentionstaff 2022-09-28 17:11:11 CEST
Created attachment 10990 [details]
s4connector.patch

If no pwhistory object is linked to the user, or the pwhistorylen is not defined, passwords cannot be synced anymore.

This traceback appears. 
1705518 28.09.2022 16:51:28.632 LDAP        (PROCESS): sync AD > UCS: [          user] [    modify] 'uid=aidbud,cn=schueler,cn=users,ou=110,dc=snh2,dc=schulen-hannover,dc=de'
1705519 28.09.2022 16:51:28.656 LDAP        (ERROR  ): failed in post_con_modify_functions
1705520 28.09.2022 16:51:28.657 LDAP        (ERROR  ): Traceback (most recent call last):
1705521   File "/usr/lib/python3/dist-packages/univention/s4connector/__init__.py", line 1513, in sync_to_ucs
1705522     post_ucs_modify_function(self, property_type, object)
1705523   File "/usr/lib/python3/dist-packages/univention/s4connector/s4/password.py", line 773, in password_sync_s4_to_ucs
1705524     pwhistory_length = int(pwhistoryPolicy['length'])
1705525 TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType'

This has been fixed in the customer environment with the attached patch. 
This problem is most likely also present in the ad connector.


We need to add a test, that tests the synchronisation without andy
Comment 1 Julia Bremer univentionstaff 2022-09-28 21:14:05 CEST
(In reply to Julia Bremer from comment #0)

> We need to add a test, that tests the synchronisation without andy
I hit enter too fast ...
without any password policies set.
Comment 3 Juan Carlos univentionstaff 2022-10-04 16:20:43 CEST
Summary:

Fixed error when no password history length policy exists for a user in AD/S4 connector.

Commits:

9d7363941a55 | Bug #55232: update advisories
b7b2c9096faa | Bug #55232: yamls and changelogs
ee27e1db633e | Bug #55232: add test case for undefined pwhistory_length in S4 pwd history sync
2ee6a46d7863 | Bug #55232: set pwhistory_length to 0 when the policy is not defined in S4/AD


Packages:

Package: univention-s4-connector
Version: 14.0.10-7A~5.0.0.202210041605
Branch: ucs_5.0-0
Scope: errata5.0-2

Package: univention-ad-connector
Version: 14.0.10-7A~5.0.0.202210041607
Branch: ucs_5.0-0
Scope: errata5.0-2

Package: ucs-test
Version: 10.0.7-26A~5.0.0.202210041610
Branch: ucs_5.0-0
Scope: errata5.0-2
Comment 4 Julia Bremer univentionstaff 2022-10-05 14:17:44 CEST
ADconnector: OK
S4Connector: OK
Tests s4: OK
Tests AD: OK
Yaml: OK

Verified
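
The failure in the traceback and the behaviour named in commit 2ee6a46d7863 (history length 0 when no policy is defined), as an added example that is not the connector's own code. `resolve_pwhistory_length` and `trim_history` are hypothetical helpers, the sample policies are constructed, and the handling of empty, malformed and negative values goes beyond the case in the report.

```python
import logging
from typing import Any, List, Mapping, Optional

log = logging.getLogger("pwhistory-example")


def unsafe_pwhistory_length(policy: Mapping[str, Any]) -> int:
    # Expression from the traceback: TypeError when 'length' is None.
    return int(policy['length'])


def resolve_pwhistory_length(policy: Optional[Mapping[str, Any]]) -> int:
    """Hypothetical helper: history length, or 0 when none is defined."""
    if not policy:
        return 0  # no pwhistory policy object linked to the user
    raw = policy.get('length')
    if isinstance(raw, bytes):  # LDAP attribute values often arrive as bytes
        raw = raw.decode('ascii', 'replace')
    if raw is None or not str(raw).strip():
        return 0  # policy object exists, length unset
    try:
        return max(int(str(raw).strip()), 0)
    except ValueError:
        # Assumption of this example: keep syncing, but make it visible.
        log.warning("ignoring malformed pwhistory length %r", raw)
        return 0


def trim_history(hashes: List[str], new_hash: str, length: int) -> List[str]:
    """Append new_hash and keep only the newest `length` entries."""
    if length <= 0:
        return []  # guard needed: items[-0:] would keep the whole list
    return (hashes + [new_hash])[-length:]


# Constructed sample policies, covering the cases from the report.
SAMPLES = [None, {}, {'length': None}, {'length': ''}, {'length': b'5'}, {'length': '3'}]

if __name__ == "__main__":
    for policy in SAMPLES:
        n = resolve_pwhistory_length(policy)
        print(policy, "->", n, trim_history(['h1', 'h2', 'h3'], 'h4', n))
```

A resolved length of 0 means no password history is kept or enforced for that user, so a warning from the malformed-value branch is worth reviewing rather than ignoring.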