Univention Bugzilla – Full Text Bug Listing |
Summary: | Make account-lockout-threshold configurable via UMC | ||
---|---|---|---|
Product: | UCS | Reporter: | Stefan Gohmann <gohmann> |
Component: | S4 Connector | Assignee: | Samba maintainers <samba-maintainers> |
Status: | RESOLVED WONTFIX | QA Contact: | |
Severity: | enhancement | ||
Priority: | P5 | CC: | michelsmidt, requate |
Version: | UCS 4.2 | Flags: | requate:
Patch_Available+
|
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: |
https://forge.univention.org/bugzilla/show_bug.cgi?id=35809 https://forge.univention.org/bugzilla/show_bug.cgi?id=39817 |
||
What kind of report is it?: | Feature Request | What type of bug is this?: | 2: Improvement: Would be a product improvement |
Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 1: Nuisance – not a big deal but noticeable |
User Pain: | 0.023 | Enterprise Customer affected?: | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Attachments: | s4connector_sync_lockoutThreshold.patch |
Description
Stefan Gohmann
It should also be possible to set the attribute "lockoutThreshold" on the domain base. udm settings/sambadomain has "badLockoutAttempts", which is backed by LDAP attribute sambaLockoutThreshold: udm settings/sambadomain modify \ --dn sambaDomainName=AR41I1,cn=samba,dc=ar41i1,dc=qa \ --set badLockoutAttempts=5 So, the dc.py in univention-s4-connector needs to be extended to also sync the OpenLDAP attribute sambaLockoutThreshold to the AD attribute lockoutThreshold. Created attachment 9413 [details]
s4connector_sync_lockoutThreshold.patch
The attached simple patch should fix this.
The third parameter in this context requires a little bit more work:
* resetCountMinutes / sambaLockoutObservationWindow / lockOutObservationWindow
-> UDM syntax is integer, that should be changed to UNIX_TimeInterval,
because it's a time interval in Active Directory too
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you. |