Univention Bugzilla – Bug 45760
AD connector removes shadowMax and shadowLastChange on password change via samba/kerberos
Last modified: 2018-05-16 17:03:55 CEST
+++ This bug was initially created as a clone of Bug #36317 +++ The connector removes shadowMax and shadowLastChange if the password is set via Windows. The connector should properly set these attributes -> shadowLastChange (days since 1970-01-01 00:00:00 UTC) -> shadowMax keep if existing
Does this occur again with UCS 4.2?
Move to 4.3-0-errata. If a UCS 4.2 backport is needed, please clone this issue.
s4 change merged to ad connector. 08.05.2018 12:25:46,570 LDAP (INFO ): password_sync: update shadowLastChange to 17659 for uid=fb1,cn=users,dc=w2k12,dc=test 08.05.2018 12:25:46,576 LDAP (INFO ): password_sync: password expiry for uid=fb1,cn=users,dc=w2k12,dc=test is {'policy': 'cn=default-settings,cn=pwhistory,cn=users,cn=policies,dc=w2k12,dc=test', 'fixed': 0, 'value': ['60']} 08.05.2018 12:25:46,576 LDAP (INFO ): password_sync: update shadowMax to 60 for uid=fb1,cn=users,dc=w2k12,dc=test 08.05.2018 12:25:46,577 LDAP (INFO ): password_sync: update krb5PasswordEnd to 20180707000000Z for uid=fb1,cn=users,dc=w2k12,dc=test 08.05.2018 12:25:46,578 LDAP (INFO ): password_sync: sambaPwdLastSet in modlist (replace): 1525775143 univention-ad-connector - d693c27be2fc54122fbe8aca53dba745086c6645 yaml - fab12338ae87116b6a87c034a598e2ddc79100db
Looks good, advisory too.
<http://errata.software-univention.de/ucs/4.3/36.html>