Bug 55501 - Failure through ppolicy for udm_lock_account action on replica node
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: General
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-2-errata
Assigned To: Arvid Requate
QA Contact: Juan Pedro Torres
URL: https://git.knut.univention.de/univen...
 
Reported: 2022-12-17 07:28 CET by Mirac Erdemiroglu
Modified: 2023-01-13 15:50 CET (History)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.046
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2022120521000674
Bug group (optional): Usability
Max CVSS v3 score:
requate: Patch_Available+


Comment 1 Mirac Erdemiroglu univentionstaff 2022-12-17 07:34:33 CET
Research from Arvid

When I look into ~/svn/patches/openldap/5.0-0-0-ucs/2.5.11+dfsg-1-errata5.0-1/70_ppolicy_udm_lock.quilt then I think that in case of a lockout event OpenLDAP does the following, which can be simulated manually on the console of the UCS@school replica:
HOME=/ python3 -m univention.lib.account lock \
  --dn "<uid=username,...>" \
  --lock-time "$(date --utc '+%Y%m%d%H%M%SZ')"
Comment 3 Mirac Erdemiroglu univentionstaff 2022-12-17 08:54:03 CET
Important if necessary: also with central users (here cn=users,dc=mydomain,dc=intranet) the lock is not possible
Comment 4 Arvid Requate univentionstaff 2022-12-30 13:09:40 CET
bf7110388c | Allow replicas to lockout user accounts
af3730c92f | Advisory
043eb771ea | debian/changelog
ea97d40310 | Advisory update

Package: univention-ldap
Version: 16.0.7-25A~5.0.0.202212301255
Branch: ucs_5.0-0
Scope: errata5.0-2
Comment 5 Arvid Requate univentionstaff 2023-01-02 18:24:03 CET
d9bef5db1b | restart slapd during update (univention-ldap-acl-master.postinst)
dabc0d446d | Advisory update

Package: univention-ldap
Version: 16.0.7-25A~5.0.0.202301021816
Branch: ucs_5.0-0
Scope: errata5.0-2
Comment 6 Juan Pedro Torres univentionstaff 2023-01-03 10:33:17 CET
Verified:
* Package update
* Functional test
* Advisory Ok