Bug 12426 - samba-tool user syncpasswords and deleted accounts
Summary: samba-tool user syncpasswords and deleted accounts
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools
Version: 4.5.1
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Reported: 2016-11-14 13:22 UTC by EOLE Team
Modified: 2016-11-20 00:48 UTC
Attachments
This does not fix nothing but it can help on solving the issue. (940 bytes, patch)
2016-11-14 13:22 UTC, EOLE Team

Description EOLE Team 2016-11-14 13:22:07 UTC
Created attachment 12661
This does not fix nothing but it can help on solving the issue.

We are testing the samba-tool user --syncpasswords option and we found a bug.
We reproduce it this way:

1. Create an account with samba-tool create
2. Initialize the syncpasswords cache with the samba-tool user syncpasswords --cache-ldb-initialize command
3. Start the syncpasswords command "samba-tool user syncpasswords"
4. Change the password for the created user
5. Stop the syncpasswords command
6. Delete the user with samba-tool user delete
7. Start the syncpasswords command and you will get this kind of error:

root@eolebase:~/samba-4.5.1# samba-tool user syncpasswords
Mon Nov 14 14:11:54 2016: pid[25634]: Using cache_ldb[/usr/local/samba/var/lib/samba/private/user-syncpasswords-cache.ldb]
Mon Nov 14 14:11:54 2016: pid[25634]: currentPid: 25634
Mon Nov 14 14:11:54 2016: pid[25634]: Wait before connect - sleep(1)
Mon Nov 14 14:11:55 2016: pid[25634]: Connecting to 'ldapi:///usr/local/samba/var/lib/samba/private/ldap_priv/ldapi'
Mon Nov 14 14:11:55 2016: pid[25634]: Resuming monitoring
dirsyncFilter: (&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(!(sAMAccountName=krbtgt*)))
dirsyncControls: ['dirsync:1:0:0', 'extended_dn:1:0']
syncCommand: /root/changePwd.py
Mon Nov 14 14:11:55 2016: pid[25634]: dirsync_loop(): results 9
Mon Nov 14 14:11:55 2016: pid[25634]: # Dirsync[0] 45004cfc-d097-4e78-99f9-d87241619220 S-1-5-21-1070482517-2200023967-7760033-1109
dn: <GUID=45004cfc-d097-4e78-99f9-d87241619220>;<SID=S-1-5-21-1070482517-2200023967-7760033-1109>;CN=pcaseiro\0ADEL:45004cfc-d097-4e78-99f9-d87241619220,CN=Deleted Objects,DC=ac-test,DC=lan
isRecycled: TRUE
isDeleted: TRUE
userAccountControl: 512
sAMAccountName: pcaseiro
objectGUID: 45004cfc-d097-4e78-99f9-d87241619220
instanceType: 4
Mon Nov 14 14:11:55 2016: pid[25634]: # Passwords[0] 45004cfc-d097-4e78-99f9-d87241619220 S-1-5-21-1070482517-2200023967-7760033-1109
# attrs=['dn', 'isDeleted', 'isRecycled', 'objectGUID']
Mon Nov 14 14:11:55 2016: pid[25634]: Call Popen[CN=pcaseiro\0ADEL:45004cfc-d097-4e78-99f9-d87241619220,CN=Deleted Objects,DC=ac-test,DC=lan] for /root/changePwd.py
Mon Nov 14 14:11:56 2016: pid[25634]: ERROR: Failed to get password for user 'pcaseiro0ADEL:45004cfc-d097-4e78-99f9-d87241619220': Unable to find user "pcaseiro0ADEL:45004cfc-d097-4e78-99f9-d87241619220"
DONE-EXIT: 65280
Mon Nov 14 14:11:56 2016: pid[25634]: RESULT: 0
ERROR(exception): uncaught exception - ERROR: 0 - ERROR: Failed to get password for user 'pcaseiro0ADEL:45004cfc-d097-4e78-99f9-d87241619220': Unable to find user "pcaseiro0ADEL:45004cfc-d097-4e78-99f9-d87241619220"
DONE-EXIT: 65280
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/user.py", line 1976, in run
    sync_loop(wait)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/user.py", line 1865, in sync_loop
    dirsync_loop()
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/user.py", line 1842, in dirsync_loop
    handle_object(ri, r)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/user.py", line 1659, in handle_object
    run_sync_command(obj.dn, ldif)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/user.py", line 1628, in run_sync_command
    raise Exception("ERROR: %s - %s\n" % (res, reply))


The problem is that the syncpasswords tool also lists the "Deleted Objects" on startup and it finds "users" in this "branch".

I tried to fix that by testing whether the attribute "isDeleted" is present and has the value "TRUE". It passes all the users and crashes when it arrives at "Administrator".

I attach a "patch" attempt.
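
The skip-if-deleted check described in this report, written out as an added example (it is not the reporter's attached patch and not Samba's code): it parses dirsync-style LDIF records like the one in the log and returns only the live accounts. The function names, the extra isRecycled and "CN=Deleted Objects" DN checks, and the second and third sample records are assumptions made for illustration.

```python
import base64

# Constructed sample: record 1 mirrors the deleted entry in the log; 2 and 3 are made up.
SAMPLE_LDIF = r"""dn: <GUID=45004cfc-d097-4e78-99f9-d87241619220>;<SID=S-1-5-21-1070482517-2200023967-7760033-1109>;CN=pcaseiro\0ADEL:45004cfc-d097-4e78-99f9-d87241619220,CN=Deleted Objects,DC=ac-test,DC=lan
isRecycled: TRUE
isDeleted: TRUE
sAMAccountName: pcaseiro

dn: CN=Administrator,CN=Users,DC=ac-test,DC=lan
sAMAccountName: Administrator

dn: CN=jdoe,CN=Users,
 DC=ac-test,DC=lan
sAMAccountName:: amRvZQ==
"""

def parse_ldif(text):
    """Return one dict per record: lower-cased attribute name -> list of values."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines and lines[-1]:
            lines[-1] += line[1:]            # unfold an LDIF continuation line
        else:
            lines.append(line)
    records, current = [], {}
    for line in lines + [""]:                # trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(current)
            current = {}
        elif not line.startswith("#"):
            name, _, rest = line.partition(":")
            if rest.startswith(":"):         # "attr:: value" is base64-encoded
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            current.setdefault(name.strip().lower(), []).append(rest.strip())
    return records

def is_deleted(record):
    """True for tombstoned or recycled objects; a missing attribute means live."""
    flagged = any(v.upper() == "TRUE" for attr in ("isdeleted", "isrecycled")
                  for v in record.get(attr, []))
    dn = record.get("dn", [""])[0].lower()
    return flagged or ",cn=deleted objects," in dn

def accounts_to_sync(text):
    """sAMAccountName of each live record; deleted entries are skipped, not fatal."""
    return [name for rec in parse_ldif(text) if not is_deleted(rec)
            for name in rec.get("samaccountname", [])]

print(accounts_to_sync(SAMPLE_LDIF))
```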