Bug 58189 - Notification about password complexity in UMC
Summary: Notification about password complexity in UMC
Status: NEW
Alias: None
Product: UCS
Classification: Unclassified
Component: UMC (Generic)
Version: UCS 5.2
Hardware: Other Linux
Importance: P5 normal
Target Milestone: ---
Assignee: UMC maintainers
QA Contact: UMC maintainers
URL: https://git.knut.univention.de/univen...
Keywords:
Depends on: 55529
Blocks:
Reported: 2025-04-09 10:11 CEST by Mirac Erdemiroglu
Modified: 2025-11-17 15:00 CET

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.103
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2025031021000158, 2025110521000091
Bug group (optional): Regression
Customer ID: 02149
Max CVSS v3 score:


Description Mirac Erdemiroglu univentionstaff 2025-04-09 10:11:55 CEST
+++ This bug was initially created as a clone of Bug #55529 +++

UCRV:
 umc/login/password-complexity-message/* 
Specifies a localized text for password complexity notes used on changing the password (e.g: umc/login/password-complexity-message/en='The password must contain at least 3 special chars, at least 20 characters long and consists of at least 5 different characters.')


Setting the variable does not lead to the expected behavior of displaying the text in all relevant services (e.g. the self-service).

We should add the text in all needed places and maybe display it not only when a password change fails but also before trying to set a new one.



Customer affected 2025031021000158

I reopened the bug because I received a ticket from a customer who runs into exactly these errors.

I can recreate the scenario on my school test system.

UCS: 5.0-9 errata1212
Installed: samba4=4.16 ucsschool=5.0 v6

samba4/role: DC
server/role: domaincontroller_master
system/setup/boot/select/role: true
ucsschool/import/roleshare/.*/path: <empty>
ucsschool/import/roleshare: <empty>
ucsschool/update/user/role: yes



Passwörter (Schüler)
Klasse oder Arbeitsgruppe
Name
0 Einträge von 1 ausgewählt
Name	Änderung des Passwortes erforderlich
Benachrichtigungen
Ein Fehler ist aufgetreten:

Die Anfrage konnte nicht bearbeitet werden.
Interner Server-Fehler in "schoolusers/password/reset (student)".

Interner Server-Fehler in "schoolusers/password/reset (student)".
Request: schoolusers/password/reset (student)

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/schoolusers/__init__.py", line 167, in password_reset
    _password_reset(request, ldap_user_write)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/schoolusers/__init__.py", line 160, in _password_reset
    user.modify()
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1288, in modify
    return super(object, self).modify(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 693, in modify
    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response, serverctrls=serverctrls)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1398, in _modify
    ml = self._ldap_modlist()
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1580, in _ldap_modlist
    self._check_password_complexity(pwhistoryPolicy)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1677, in _check_password_complexity
    raise univention.admin.uexceptions.pwToShort(_('The password is too short, at least %d characters needed!') % (password_minlength,))
univention.admin.uexceptions.pwToShort: Fehler in der Passwort-Richtlinie: Das Passwort ist zu kurz, mindestens 10 Zeichen erforderlich!

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/udm/connections.py", line 71, in _wrap_connection
    return func(**kwargs)
  File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 161, in getAdminConnection
    lo = univention.uldap.getAdminConnection(start_tls, decode_ignorelist=decode_ignorelist)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 132, in getAdminConnection
    bindpw = open('/etc/ldap.secret').read().rstrip('\n')
FileNotFoundError: [Errno 2] Datei oder Verzeichnis nicht gefunden: '/etc/ldap.secret'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/management/console/base.py", line 388, in __error_handling
    six.reraise(etype, exc, etraceback)
  File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
    raise value
  File "/usr/lib/python3/dist-packages/univention/management/console/base.py", line 285, in execute
    function.__func__(self, request, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/decorators.py", line 189, in _response
    return function(self, request)
  File "/usr/lib/python3/dist-packages/ucsschool/lib/school_umc_ldap_connection.py", line 156, in wrapper_func
    return func(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/schoolusers/__init__.py", line 173, in password_reset
    udm_admin_save_user_with_extended_attributes(request.options["userDN"])
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/schoolusers/__init__.py", line 89, in udm_admin_save_user_with_extended_attributes
    user = get_udm_user_mod().get(dn)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/schoolusers/__init__.py", line 60, in get_udm_user_mod
    return UDM.admin().version(2).get("users/user")
  File "/usr/lib/python3/dist-packages/univention/udm/udm.py", line 165, in admin
    connection = LDAP_connection.get_admin_connection()
  File "/usr/lib/python3/dist-packages/univention/udm/connections.py", line 87, in get_admin_connection
    cls._connection_admin, _po = cls._wrap_connection(univention.admin.uldap.getAdminConnection)
  File "/usr/lib/python3/dist-packages/univention/udm/connections.py", line 73, in _wrap_connection
    six.reraise(ConnectionError, ConnectionError('Could not read secret file'), sys.exc_info()[2])
  File "/usr/lib/python3/dist-packages/six.py", line 692, in reraise
    raise value.with_traceback(tb)
  File "/usr/lib/python3/dist-packages/univention/udm/connections.py", line 71, in _wrap_connection
    return func(**kwargs)
  File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 161, in getAdminConnection
    lo = univention.uldap.getAdminConnection(start_tls, decode_ignorelist=decode_ignorelist)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 132, in getAdminConnection
    bindpw = open('/etc/ldap.secret').read().rstrip('\n')
univention.udm.exceptions.ConnectionError: Could not read secret file



It would be very good and helpful for non-admin users if, instead of the current display that an error has occurred and the traceback can be viewed, help or a hint were displayed as to why the password cannot be reset or set.
We cannot expect a school teacher to have the skills to read and understand a traceback.
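Added example, not part of the original report and not Univention code: a minimal model of what the traceback shows, where an error raised while the password-policy exception is being handled replaces it, next to a handler that returns the policy hint to the user. All class and function names and the returned dictionary shape are hypothetical.

```python
# Constructed model; every name here is hypothetical.
class PasswordPolicyError(Exception):
    """Stands in for a policy exception such as pwToShort."""

class BackendUnavailable(Exception):
    """Stands in for the error raised when the secret file cannot be read."""

def set_password(password, min_length=8, writable=True):
    if not writable:
        raise PermissionError("insufficient access")
    if len(password) < min_length:
        raise PasswordPolicyError(
            "The password is too short, at least %d characters needed!" % min_length)

def privileged_fallback():
    # Constructed failure: the retry needs a credential this process cannot read.
    raise BackendUnavailable("Could not read secret file")

def reset_masking(password):
    """Fallback runs inside the except block for every kind of error."""
    try:
        set_password(password)
    except Exception:
        privileged_fallback()  # its failure replaces the policy error
    return "ok"

def reset_reporting(password, writable=True):
    """Policy violations are expected user errors: report them, do not retry."""
    try:
        set_password(password, writable=writable)
    except PasswordPolicyError as exc:
        return {"kind": "policy", "message": str(exc)}
    except Exception:
        try:
            privileged_fallback()
        except BackendUnavailable:
            # Details belong in the server log; the UI gets no traceback.
            return {"kind": "internal", "message": "The password could not be set."}
    return {"kind": "ok", "message": ""}

def describe_failure(func, password):
    """Return (final exception name, masked exception name) for triage."""
    try:
        func(password)
    except Exception as exc:
        ctx = exc.__context__
        return type(exc).__name__, type(ctx).__name__ if ctx else None
    return None, None
```

The masked exception is still reachable through `__context__`, which is why the traceback prints it first under "During handling of the above exception, another exception occurred".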
Comment 1 Mirac Erdemiroglu univentionstaff 2025-08-27 22:54:28 CEST
Changed user pain.
Comment 2 Mirac Erdemiroglu univentionstaff 2025-11-05 09:37:03 CET
Another customer reported this issue 2025110521000091

Name
	Änderung des Passwortes erforderlich
		
Benachrichtigungen
Ein Fehler ist aufgetreten:
Die Anfrage konnte nicht bearbeitet werden.
Interner Server-Fehler in "schoolusers/password/reset (student)".
Interner Server-Fehler in "schoolusers/password/reset (student)".
Request: schoolusers/password/reset (student)
 
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/schoolusers/__init__.py", line 167, in password_reset
    _password_reset(request, ldap_user_write)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/schoolusers/__init__.py", line 160, in _password_reset
    user.modify()
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1253, in modify
    return super().modify(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 697, in modify
    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response, serverctrls=serverctrls)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1436, in _modify
    ml = self._ldap_modlist()
         ^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1523, in _ldap_modlist
    self._check_password_complexity(pwhistoryPolicy)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/users/user.py", line 1615, in _check_password_complexity
    raise univention.admin.uexceptions.pwToShort(_('The password is too short, at least %d characters needed!') % (password_minlength,))
univention.admin.uexceptions.pwToShort: Fehler in der Passwort-Richtlinie: Das Passwort ist zu kurz, mindestens 8 Zeichen erforderlich!
 
During handling of the above exception, another exception occurred:
 
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/udm/connections.py", line 44, in _wrap_connection
    return func(**kwargs)
           ^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 64, in getAdminConnection
    lo = univention.uldap.getAdminConnection(start_tls)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 86, in getAdminConnection
    with open('/etc/ldap.secret') as secret:
         ^^^^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] Datei oder Verzeichnis nicht gefunden: '/etc/ldap.secret'
 
During handling of the above exception, another exception occurred:
 
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/management/console/base.py", line 331, in __error_handling
    raise exc.with_traceback(etraceback)
  File "/usr/lib/python3/dist-packages/univention/management/console/base.py", line 230, in execute
    function.__func__(self, request, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/decorators.py", line 166, in _response
    return function(self, request)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/ucsschool/lib/school_umc_ldap_connection.py", line 156, in wrapper_func
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/schoolusers/__init__.py", line 173, in password_reset
    udm_admin_save_user_with_extended_attributes(request.options["userDN"])
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/schoolusers/__init__.py", line 89, in udm_admin_save_user_with_extended_attributes
    user = get_udm_user_mod().get(dn)
           ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/schoolusers/__init__.py", line 60, in get_udm_user_mod
    return UDM.admin().version(2).get("users/user")
           ^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/univention/udm/udm.py", line 133, in admin
    connection = LDAP_connection.get_admin_connection()
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/univention/udm/connections.py", line 59, in get_admin_connection
    cls._connection_admin, _po = cls._wrap_connection(univention.admin.uldap.getAdminConnection)
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/univention/udm/connections.py", line 46, in _wrap_connection
    raise ConnectionError('Could not read secret file').with_traceback(sys.exc_info()[2])
  File "/usr/lib/python3/dist-packages/univention/udm/connections.py", line 44, in _wrap_connection
    return func(**kwargs)
           ^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 64, in getAdminConnection
    lo = univention.uldap.getAdminConnection(start_tls)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 86, in getAdminConnection
    with open('/etc/ldap.secret') as secret:
         ^^^^^^^^^^^^^^^^^^^^^^^^
univention.udm.exceptions.ConnectionError: Could not read secret file
Comment 3 Mirac Erdemiroglu univentionstaff 2025-11-17 12:46:24 CET
Changed user pain and found a workaround:

https://help.univention.com/t/problem-ucs-school-password-reset-fails-in-umc-for-student-accounts-due-to-password-complexity/24700

With default settings and without setting the UCR variable umc/login/password-complexity-message/*, the issue still persists.