Univention Bugzilla – Full Text Bug Listing |
Summary: | S4-Connector still reads&writes deprecated sambaPwdMustChange | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Samba4 | Assignee: | Arvid Requate <requate> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | normal | ||
Priority: | P5 | CC: | botner, gohmann, heidelberger, michelsmidt, scheinig |
Version: | UCS 2.4 | Flags: | requate:
Patch_Available+
|
Target Milestone: | UCS 4.3-2-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
URL: | https://git.knut.univention.de/univention/ucs/tree/arequate/bug45282 | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 2: Improvement: Would be a product improvement |
Who will be affected by this bug?: | 1: Will affect a very few installed domains | How will those affected feel about the bug?: | 2: A Pain – users won’t like this once they notice it |
User Pain: | 0.023 | Enterprise Customer affected?: | Yes |
School Customer affected?: | Yes | ISV affected?: | |
Waiting Support: | Yes | Flags outvoted (downgraded) after PO Review: | |
Ticket number: | 2017082921000291 | Bug group (optional): | |
Max CVSS v3 score: | |||
Bug Depends on: | 20917 | ||
Bug Blocks: | |||
Attachments: | remove_sambaPwdMustChange.patch |
Description
Arvid Requate
2017-08-29 13:01:53 CEST
Created attachment 9152 [details]
remove_sambaPwdMustChange.patch
Something like this (untested)
This is bad because sambaPwdMustChange=0 in UCS lets the connector set pwdLastSet=0 in s4 (password expired) during every "password_sync_ucs_to_s4" (password change in UCS) until the password is changed in s4. steps to repdroduce: * stop connector * change s4 password * change pwdLastSet to 0 for s4 test user (ldbedit) after restarting the connector password_sync_s4_to_ucs() sets sambaPwdMustChange=0 in UCS The customer asked one year later, if something happened here. I think it is time for the 'waiting for support' flag. By now the customer is on Version: UCS: 4.3-1 errata202 The URL field refers to a gitlab branch with an updated patch based on UCS 4.3-1. Fixed along with Bug #47595: 1ada17b9b3 | password_sync_s4_to_ucs: Don't set sambaPwdMustChange 7ccc957a0c | Bug #47595 & Bug #45282: Changelog 83a2f0a248 | Bug #45282 & Bug #47595: Advisory The attribute is still used (removed in password_sync_s4_to_ucs). I would prefer to completely remove the sambaPwdMustChange code in password_sync_s4_to_ucs and password_sync_ucs_to_s4. (In reply to Felix Botner from comment #8) > The attribute is still used (removed in password_sync_s4_to_ucs). I would > prefer to completely remove the sambaPwdMustChange code in > password_sync_s4_to_ucs and password_sync_ucs_to_s4. That is OK, so it is removed by time. If it should be removed directly, one can use: /usr/share/univention-directory-manager-tools/remove_sambapwdmustchange OK |