Univention Bugzilla – Bug 35072
Unlock user in the domain
Last modified: 2017-10-18 12:02:40 CEST
By customer request. Since UCS 3.2 erratum 85 samba supports the domain account lockout with the command: samba-tool domain passwordsettings The customer would like to get a possibility to unlock user in the domain.
Created attachment 8000 [details] Script to unlock a samba account Script to unlock a Samba account by setting lockoutTime = 0 via ldbmodify. This does not include a convenience authentication wrapper as univention-s4search provides for ldbsearch. It may be a good idea to write a generic univention-ldb-tools wrapper that handles authentication detection and use it to wrap ldb{search,modify,..}. With that univention-samba-unlock could be simplified and merged with the tool from bug 35071.
Created attachment 8001 [details] Testscript for `univention-samba-unlock`
The Enterprise Customer affected flag is set but neither a Ticket number is referenced nor a Customer ID is set. Please set a Ticket number or a Customer ID. Otherwise the Enterprise Customer affected flag will be reset.
Committed in 679b140, YAML 11d064b.
The script is a bit awkward to use, because it requires authentication as Administrator but doesn't properly handle the interactive password prompt/input of samba-tool. As a workaround this works: root@master10:~# kinit Administrator Administrator@AR41I1.QA's Password: root@master10:~# /usr/sbin/univention-samba-unlock -k yes user1 I've opened Bug 45554 to address that. Otherwise the script works.
Obviously this unsafe usage works too: univention-samba-unlock user1 -U Administrator%univention
<http://errata.software-univention.de/ucs/4.2/200.html>