Bug 47781

Summary: Define cronjob for server password change via UCR
Product: UCS Reporter: Sönke Schwardt-Krummrich <schwardt>
Component: Password changesAssignee: Jannik Ahlers <ahlers>
Status: CLOSED FIXED QA Contact: Philipp Hahn <hahn>
Severity: normal    
Priority: P5 CC: ahlers, hahn
Version: UCS 4.3   
Target Milestone: UCS 4.3-2-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Bug Report What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 2: Will only affect a few installed domains How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.046 Enterprise Customer affected?:
School Customer affected?: Yes ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Security
Max CVSS v3 score:
Attachments: Add UCRV server/password/cron

Description Sönke Schwardt-Krummrich univentionstaff 2018-09-11 13:51:26 CEST 
Every night at 1 AM a cronjob calls the script /usr/lib/univention-server/server_password_change (with a jitter of 10min). This time is currently hardcoded and should be customizable via a UCR variable.

Reason: 
This behavior is unfavorable in larger UCS@school environments, since the user imports take several hours and are usually performed at night. There was already a customer where the server password was changed during the user import and the import was aborted with various error messages.

Current workaround: disabling the server password change for the UCS master.
Comment 1 Philipp Hahn univentionstaff 2018-09-11 15:15:21 CEST 
Created attachment 9670 [details]
Add UCRV server/password/cron
Comment 2 Jannik Ahlers univentionstaff 2018-10-02 11:07:23 CEST 
Successful build
Package: univention-server
Version: 13.0.0-7A~4.3.0.201810021104
Branch: ucs_4.3-0
Scope: errata4.3-2

univention-server (13.0.0-7)
891966e0fa99 | Bug #47781: Make time for password change check configurable

univention-server.yaml
ec5b159385cc | Bug #47781: yaml
891966e0fa99 | Bug #47781: Make time for password change check configurable

I applied philipps patch.
Comment 3 Jannik Ahlers univentionstaff 2018-10-02 17:21:57 CEST 
Successful build
Package: univention-server
Version: 13.0.0-8A~4.3.0.201810021718
Branch: ucs_4.3-0
Scope: errata4.3-2

univention-server.yaml
c0402e8197a4 | Bug #47781: yaml
8b8d8926e1f7 | Bug #47781: fix ucr variable descriptions

univention-server (13.0.0-8)
8b8d8926e1f7 | Bug #47781: fix ucr variable descriptions

fixed typos and umlaut encoding.
Comment 4 Philipp Hahn univentionstaff 2018-10-02 18:04:05 CEST 
OK: univention-server.yaml
OK: errata-announce -V --only univention-server.yaml

OK: 891966e0fa99 8b8d8926e1f7
OK: apt install univention-role-server-common
OK: ucr info server/password/cron
OK: ucr set server/password/cron='30 17 * * *'
OK: tail -f /var/log/syslog /var/log/univention/server_password_change.log
Comment 5 Arvid Requate univentionstaff 2018-10-04 14:27:49 CEST 
<http://errata.software-univention.de/ucs/4.3/262.html>