samba_upgradedns: Improve search for existing accounts in secrets.ldb
authorAndrew Bartlett <abartlet@samba.org>
Thu, 26 Nov 2015 00:50:21 +0000 (13:50 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 15 Dec 2015 07:42:20 +0000 (08:42 +0100)
We should actually check for the combination of both an account in secrets.ldb
and sam.ldb, but this is at least an improvement.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
source4/scripting/bin/samba_upgradedns

index 53e05a6b6dfdc0cd93aeea6f13eeb94d5fa1b990..f57ff7296300dbd1d333fa0dd12b84678119c85e 100755 (executable)
@@ -412,21 +412,17 @@ if __name__ == '__main__':
     # Special stuff for DLZ backend
     if opts.dns_backend == "BIND9_DLZ":
         # Check if dns-HOSTNAME account exists and create it if required
-        try:
-            dn = 'samAccountName=dns-%s,CN=Principals' % hostname
-            msg = ldbs.secrets.search(expression='(dn=%s)' % dn, attrs=['secret'])
-        except IndexError:
+        secrets_msgs = ldbs.secrets.search(expression='(samAccountName=dns-%s)' % hostname, attrs=['secret'])
+        if len(secrets_msgs) == 0:
 
             logger.info("Adding dns-%s account" % hostname)
 
-            try:
-                msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
-                                      expression='(sAMAccountName=dns-%s)' % (hostname),
-                                      attrs=[])
+            msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
+                                  expression='(sAMAccountName=dns-%s)' % (hostname),
+                                  attrs=[])
+            if len(msg) == 1:
                 dn = msg[0].dn
                 ldbs.sam.delete(dn)
-            except IndexError:
-                pass
 
             dnspass = samba.generate_random_password(128, 255)
             setup_add_ldif(ldbs.sam, setup_path("provision_dns_add_samba.ldif"), {
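Review bot: The new `if len(msg) == 1:` guard in front of `ldbs.sam.delete(dn)` silently skips the cleanup when the sam.ldb search returns more than one entry, and the script then continues to `setup_add_ldif(...)` with the stale accounts still present. Consider removing every match with `for m in msg: ldbs.sam.delete(m.dn)`, or at least logging the unexpected count before going on. Both search expressions also interpolate `hostname` directly into the filter; where `hostname` comes from is not visible in this hunk, so unless it is strictly constrained it would be safer to write `'(samAccountName=dns-%s)' % ldb.binary_encode(hostname)` (and the same for the sam.ldb search), so that filter metacharacters cannot widen the match that decides which account gets deleted. The enclosing `if opts.dns_backend == "BIND9_DLZ":` block continues past the end of the hunk.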