I'm using the 'samba-tool user syncpasswords' functionality, and i've found that if i set a password with 'samba-tool user setpassword --random-password', syncpassword emit a wrong base64 password, eg a password that some base64 decoders consider invalid, or decode but with warnings.
Looking at base64 passwords are all truncated to 56 chars.
Seems to me that or 'syncpasswords' (or other samba components) truncate them, or there's some limitation to 56 chars in (base64 version), and probably it is better to have 'samba-tool user setpassword --random-password' generate passwords with less then 56 chars (in base64).
PS: also on https://lists.samba.org/archive/samba/2017-October/211730.html
(In reply to Marco Gaiarin from comment #0)
Are you sure you're parsing the ldif output correctly? The value
of one attribute may use more than one line.
Ah! Damn me!
I've looked at format, that was a LDIF-like format, but never minded about long lines.
Yes, i confirm, unwrapping long lines on syncpasswd script solved the issue.
Sorry for that bug.