15825 – samba-tool user getpassword --filter not working as advertised

Bug 15825 - samba-tool user getpassword --filter not working as advertised

Summary: samba-tool user getpassword --filter not working as advertised

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Tools (show other bugs)
Version:	4.22.0
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-03-12 16:36 UTC by Björn Jacke
Modified:	2025-03-12 20:04 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Björn Jacke 2025-03-12 16:36:10 UTC

if we run:

# samba-tool user getpassword --attributes virtualCryptSHA256
it says:
ERROR: Either the username or '--filter' must be specified!

if we then run:

# samba-tool user getpassword --filter="samaccountname=b*" --attributes virtualCryptSHA256
it says:
ERROR: Failed to get password for user 'samaccountname=b*': Matched 8 multiple users with filter "samaccountname=b*"

So the --filter option is almost useless as the command will only work if we match only one single user here.

Comment 1 Douglas Bagnall 2025-03-12 20:04:30 UTC

I agree it is not very useful, but I think it is "working as advertised":

  --filter=FILTER       LDAP Filter to get password for (must match single
                        account)


It looks like several other samba-tool user subcommands work similarly, but there --help is generally worse (disable, enable, readpasswords *, setexpiry, setpassword, unlock).