Bug 48720
| Summary: | "Benutzer muss Kennwort bei der nächsten Anmeldung ändern" not synced to UCS | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Felix Botner <botner> |
| Component: | AD Connector | Assignee: | Samba maintainers <samba-maintainers> |
| Status: | NEW --- | QA Contact: | Samba maintainers <samba-maintainers> |
| Severity: | normal | ||
| Priority: | P5 | CC: | requate |
| Version: | UCS 4.4 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| See Also: |
https://forge.univention.org/bugzilla/show_bug.cgi?id=51298 https://forge.univention.org/bugzilla/show_bug.cgi?id=11026 https://forge.univention.org/bugzilla/show_bug.cgi?id=22751 |
||
| What kind of report is it?: | Development Internal | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
Since I just visited that code: These UCR variables may affect things here (but probably are not enough): * connector/ad/password/timestamp/check * connector/ad/password/timestamp/syncreset/ucs * connector/ad/password/timestamp/syncreset/ad |
Created a user in AD, then set "Benutzer muss Kennwort bei der nächsten Anmeldung ändern". I can still logon with that account (LDAP/Kerberos) in UCS. UCS object: shadowLastChange: 17947 AD object: pwdLastSet: 0 So we do not properly sync pwdLastSet: 0 from AD to UCS. (in an ideal world pwdlastset=0 would be shadowLastChange=0 in UCS man shadow date of last password change The date of the last password change, expressed as the number of days since Jan 1, 1970. The value 0 has a special meaning, which is that the user should change her password the next time she will log in the system. An empty field means that password aging features are disabled.