Bug 58048 - [5.2-1] Day of password expiry, a passwordchange is prompted but not followed through with sso login
Summary: [5.2-1] Day of password expiry, a passwordchange is prompted but not followed...
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: UMC - Users
Version: UCS 5.2
Hardware: Other Linux
: P5 normal
Target Milestone: UCS 5.2-1-errata
Assignee: Arvid Requate
QA Contact: Felix Botner
URL: https://git.knut.univention.de/univen...
Keywords:
Depends on: 57681
Blocks:
  Show dependency treegraph
 
Reported: 2025-03-10 13:48 CET by Arvid Requate
Modified: 2025-03-12 14:48 CET (History)
7 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.143
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score:
requate: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2025-03-10 13:48:18 CET 
The changes from Bug #57681 also need to be released as errata update for 5.2-1.


+++ This bug was initially created as a clone of Bug #57681 +++
Comment 1 Arvid Requate univentionstaff 2025-03-10 17:09:56 CET 
* cherry-picked openldap from 5.2-0 to errata5.2-1
  # repo_admin.py --cherrypick --release 5.2-0 --releasedest 5.2-0 --dest errata5.2-1 --package openldap

* merged the change cf02335b4@ucs-test:
  # openldap/ucs_5.2-0-errata5.2-1/2.5.13+dfsg-5/97_shadowbind_overlay.quilt
  94e208143@ucs-test | merge change from Bug #57681 to errata5.2-1

* built openldap with the merged patch in errata5.2-1:
  # b52-scope errata5.2-1 openldap
  Package: openldap
  Version: 2.5.13+dfsg-5A~5.2.0.202503101504
  Branch: 5.2-0
  Scope: errata5.2-1

* cherry-picked everything from 5.0-10 into a 5.2-1 based feature branch
  and adjusted the versions in debian/changelog and in the advisories
  # git log --oneline -E --grep "(Issue univention/ucs#2552|Bug #57681)"
* merged the feature branch arequate/58048-ucs521-pw-expiry-shadowMax into 5.2-1
  # git log --oneline --grep "Bug #58048" | tac
  1c201f8e5d9 | shadowMax := pwhistoryPolicy.expiryInterval - 1
  87b727d08e5 | changelogs and advisories
  ae6e52207b6 | AD-Connector too
  b499c566f49 | Handle case pwhistoryPolicy.expiryInterval == 0 (or undefined)
  91cfd9d41be | adjust tests to work with shadowMax - 1
  55c295c5bd5 | Advisory for OpenLDAP
  d8a9ec82dd9 | reduce flakiness of playwright password change test
  db93bf5e7fa | Advisory update for errata5.2-1

* imported and built the packages in errata5.2-1:

Package: univention-directory-manager-modules
Version: 17.0.29-3
Branch: 5.2-0
Scope: errata5.2-1

Package: univention-s4-connector
Version: 16.0.7-2
Branch: 5.2-0
Scope: errata5.2-1

Package: univention-ad-connector
Version: 16.0.14-3
Branch: 5.2-0
Scope: errata5.2-1

Package: ucs-test
Version: 12.0.248-4
Branch: 5.2-0
Scope: errata5.2-1
Comment 2 Felix Botner univentionstaff 2025-03-12 13:13:06 CET 
OK - cherry-pick
OK - univention-ad-connector
OK - openldap
OK - univention-directory-manager-modules
OK - univention-s4-connector
OK - YAML
OK - Tests (55_adconnector.503test_password_change_next_logon will be fixed)
Comment 3 Arvid Requate univentionstaff 2025-03-12 13:23:19 CET 
cd9bfc6403c | fix 55_adconnector/503test_password_change_next_logon

Package: ucs-test
Version: 12.0.249-2
Branch: 5.2-0
Scope: errata5.2-1