Problem: Traceback when creating simple auth user


I receive a traceback when I create a simple auth user

root@dc0:~ # udm users/ldap create --position cn=users,$(ucr get ldap/base) --set username="authacc" --set password="abcdefg12345"
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 219, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/python2.7/dist-packages/univention/admincli/", line 409, in doit
    out = _doit(arglist)
  File "/usr/lib/python2.7/dist-packages/univention/admincli/", line 755, in _doit
    dn = object.create()
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/", line 557, in create
    dn = self._create(response=response, serverctrls=serverctrls)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/", line 1241, in _create
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/", line 223, in _ldap_modlist
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/users/", line 302, in _check_password_complexity
    pwdCheck.check(self['password'], username=self['username'], displayname=self['displayName'])
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/", line 478, in __getitem__
    elif key not in self.__no_default and self.descriptions[key].editable:
KeyError: 'displayName'


Password-Policy and Password quality check is enabled
Bug 52446 not fixed

Solution (is probably more of a workaround)

As a workaround disable the complexity check in LDAP.
UMC -> domain -> LDAP directory -> policies -> users -> pwhistory -> uncheck the box at the bottom.
Wait a short time and then try to create the user again. After successful creation of the simple auth user you can enable the complexity again.

Root Cause

If the Password quality check is enabled, it will be checked if the display name is included in the password. A Simple Auth user has no display name, which leads to this traceback.
We need to adjust the check accordingly. This is traced in the above bug.