Univention Bugzilla – Bug 48720
"Benutzer muss Kennwort bei der nächsten Anmeldung ändern" not synced to UCS
Last modified: 2020-06-02 10:52:59 CEST
Created a user in AD, then set "Benutzer muss Kennwort bei der nächsten Anmeldung ändern". I can still logon with that account (LDAP/Kerberos) in UCS. UCS object: shadowLastChange: 17947 AD object: pwdLastSet: 0 So we do not properly sync pwdLastSet: 0 from AD to UCS. (in an ideal world pwdlastset=0 would be shadowLastChange=0 in UCS man shadow date of last password change The date of the last password change, expressed as the number of days since Jan 1, 1970. The value 0 has a special meaning, which is that the user should change her password the next time she will log in the system. An empty field means that password aging features are disabled.
Since I just visited that code: These UCR variables may affect things here (but probably are not enough): * connector/ad/password/timestamp/check * connector/ad/password/timestamp/syncreset/ucs * connector/ad/password/timestamp/syncreset/ad