Univention Bugzilla – Bug 55392
Do not ignore the password policy by default, only when generating passwords
Last modified: 2023-05-26 10:56:33 CEST
As a developer using the UCS@school lib I can expect UCS@school software to honor the set password policies, so that the security of my domain is as expected. -- Context/description --- 1. Adapt the UCS@school library to not ignore password policies anymore when creating users. 2. It may still ignore password policies when generating password for new users, as generating passwords that adhere to the current policy is out of scope. 3. Add an option to the school library `User` object to ignore password policies when creating or modifying users.
as discussed, merged and built with [5.0] 26edce259 Bug #55392: add option check password policies when creating or modifying users Package: ucs-school-lib Version: 13.0.28A~5.0.0.202211091547 Branch: ucs_5.0-0 Scope: ucs-school-5.0 Package: ucs-test-ucsschool Version: 7.3.78A~5.0.0.202211091550 Branch: ucs_5.0-0 Scope: ucs-school-5.0
The behavior of the UCS@school Import can be changed by setting a ~~UCR variable~~ configuration option as can the behavior of kelvin unlike the the UMC module where we will use a UCR-V. By default (when the ~~UCRV~~ configuration option is unset) it should be the old behavior (ignore the password policy when creating a user, but checking it when changing a user).
(In reply to Tobias Wenzel from comment #3) > The behavior of the UCS@school Import can be changed by setting a ~~UCR > variable~~ configuration option as can the behavior of kelvin unlike the the > UMC module where we will use a UCR-V. > > By default (when the ~~UCRV~~ configuration option is unset) it should be > the old behavior (ignore the password policy when creating a user, but > checking it when changing a user). This was meant for the import bug, sorry.
Merged, built, tested and advisory OK.
Errata updates for UCS@school 5.0 v3 have been released. https://docs.software-univention.de/ucsschool-changelog/5.0v3/de/changelog.html If this error occurs again, please clone this bug.