diff --git a/services/univention-s4-connector/modules/univention/s4connector/s4/password.py b/services/univention-s4-connector/modules/univention/s4connector/s4/password.py index 4c58382..7a6581f 100644 --- a/services/univention-s4-connector/modules/univention/s4connector/s4/password.py +++ b/services/univention-s4-connector/modules/univention/s4connector/s4/password.py @@ -809,12 +809,21 @@ def password_sync_s4_to_ucs(s4connector, key, ucs_object, modifyUserPassword=Tru if pwexp_value: new_shadowMax = pwexp_value new_krb5end = time.strftime("%Y%m%d000000Z", time.gmtime((pwdLastSet_unix + (int(pwexp_value) * 3600 * 24)))) + + if pwdLastSet == 0: + new_shadowMax = new_shadowMax or '1' + if new_krb5end is None: + expiry = long(time.time()) + new_krb5end = time.strftime("%Y%m%d000000Z", time.gmtime(expiry)) + if old_shadowMax or new_shadowMax: - ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: update shadowMax to %s for %s" % (new_shadowMax, ucs_object['dn'])) - modlist.append(('shadowMax', old_shadowMax, new_shadowMax)) + if old_shadowMax != new_shadowMax: + ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: update shadowMax to %s for %s" % (new_shadowMax, ucs_object['dn'])) + modlist.append(('shadowMax', old_shadowMax, new_shadowMax)) if old_krb5end or new_krb5end: - ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: update krb5PasswordEnd to %s for %s" % (new_krb5end, ucs_object['dn'])) - modlist.append(('krb5PasswordEnd', old_krb5end, new_krb5end)) + if old_krb5end != new_krb5end: + ud.debug(ud.LDAP, ud.INFO, "password_sync_s4_to_ucs: update krb5PasswordEnd to %s for %s" % (new_krb5end, ucs_object['dn'])) + modlist.append(('krb5PasswordEnd', old_krb5end, new_krb5end)) if sambaPwdLastSet: if sambaPwdLastSet != newSambaPwdLastSet: diff --git a/test/ucs-ec2-tools b/test/ucs-ec2-tools index 755b752..0b31100 160000 --- a/test/ucs-ec2-tools +++ b/test/ucs-ec2-tools @@ -1 +1 @@ -Subproject commit 755b752d461b62ba29666294762e04f00ea9a74f +Subproject commit 0b31100265e08b4af576f53ceb9d6b0899cb2f17