Standa Laznicka wrote: > On 11/29/2016 09:35 PM, Robert Kudyba wrote: >> >>> On Nov 29, 2016, at 11:37 AM, Rob Crittenden <rcrit...@redhat.com >>> <mailto:rcrit...@redhat.com>> wrote: >>> >>> Robert Kudyba wrote: >>>> I知 trying to use the script posted on >>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__shellonearth.net_import-2Dlocal-2Daccounts-2Din-2Dfreeipa-2Drhelcentos_&d=DgIDAw&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=qUO21wyGfiMBRaZk6rjEMSMEMYZB0QpBVyQTCq3U6lw&s=9CmZV-vE0Nle4yup0VrHuHVnMuPNCBaOcJQkR4GzebM&e= >>>> . >>>> I知 getting the below error. Have the options for ipa user-add changed >>>> recently? Here痴 what the error looks like in context from the CLI: >>>> >>>> Password for admin@ourdomain: >>>> User login: >>>> ipa: ERROR: Could not get User login interactively >>>> >>>> Here is what痴 in the script: >>>> >>>> ipa user-add $USER --first=$FIRST --last=$LAST --cn="$FULL" >>>> --displayname="$FULL" --uid=$UUID --gidnumber=$GID --setattr >>>> userpassword='{crypt}$CRYPT' >>>> >>>> >>> >>> Are you sure $USER has a value? >>> >>> It looks like it is falling back on interactive prompting for required >>> fields. >> >> Thanks that gave me a clue. The script was looking for a group ID of 8 >> characters long I changed it to 4: >> forline in"$(echo $p | grep "x:[0-9][0-9][0-9][0-9]*:")"# Only grep >> user accounts with IDs of 4 digits or more >> >> But now the script just “hangs” and no response. I confirmed >> permissions of the shadow and passwd files and just using 20 login >> names from each file. Nothing shows up in the user search of the >> FreeIPA GUI. >> >> >> > Well, I may not be that fluent in bash as I used to be, but from what I > see here, it's quite obvious. Line 39 - you have a `while read p` part > there that waits for input from stdin. That's where you hang. How you > managed to get to `ipa user-add` line before I am not really certain. > > Did you perhaps mean to read from /tmp/passwd or /tmp/shadow on L39? :) >
Check out his blog, he has an updated script. He was missing a < before $PASSWORD at the end. It still seems really fragile to me. I've attached a python script I wrote ages ago to do a similar import. You'd need to add your regex but this worked last I tried and is more performant when importing a lot of users because it does them in batches. rob
#!/usr/bin/python # import re import sys import tempfile from ipalib.dn import DN from ipalib import api, errors bulksize = 50 name_pattern = re.compile('(\w+) \w (\w+)') if len(sys.argv) != 2: sys.exit("Usage: %s <filename>" % sys.argv[0]) filename=sys.argv[1] api.bootstrap(context='cli') api.finalize() api.Backend.xmlclient.connect() def process_batch(batch): try: results = api.Command['batch'](batch)['results'] for result in results: if result['error'] and 'already exists' not in result['error']: print result['error'] elif 'completed' in results: if result['completed'] > 0: print "New members added to group %s" % result['result']['cn'] elif 'failed' in result and len(result['failed']['member']['user']) > 0 and 'not allowed' in result['failed']['member']['user'][0][1]: print "Cannot add members to a user-private group: %s" % result['result']['cn'] except errors.NetworkError, e: print "FAIL: connection error trying to run batch: %s" % e except errors.LimitsExceeded: # This was probably thrown in the post_callback, it isn't critical print 'Limits error' except KeyboardInterrupt: sys.exit("quitting") batch = [] count = 0 fd = open(filename, 'r') while True: line = fd.readline() if not line: break line = unicode(line.strip()) (uid, line) = line.split(' ', 1) try: (login, passwd, uid, gid, gecos, dir, shell) = line.split(':') except ValueError, e: print "mal-formed passwd entry: %s (%s)" % (e, line) continue m = name_pattern.match(gecos) if m: first = m.group(1) last = m.group(2) else: first = u'NIS' last = u'USER' batch.append(dict(method='user_add', params=([login], dict(gidnumber=int(gid), uidnumber=int(uid), gecos=gecos.strip(), homedir=dir, shell=shell, givenname=first, sn=last, noprivate=u'true', addattr='userPassword={crypt}%s' % passwd)))) count += 1 if count % bulksize == 0: process_batch(batch) batch = [] print "%d users" % count if batch: process_batch(batch) fd.close()
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project