Author Topic: Import/Export users at reinstall  (Read 13253 times)

bertalanimre

  • Zen Monk
  • **
  • Posts: 88
  • Karma: +3/-0
    • View Profile
Import/Export users at reinstall
« on: July 07, 2014, 09:29:14 am »
Hy,

THe question is obvious. I'm planing to install a server with around 50-60 users. When I add all of them then I would like to make a kind of backup in case if I have to re install it. I saw a few topics about it, but haven't tried them yet. Can you please provide me the best way to export, then later import the users? Obviously the domain name / mail address would stay the same. I just don't want hours to be taken only by adding the users one by one all the time when I have to. A nice script to add them from a cvs file would be very nice for example. But please excuse me and my newbieness. I'm not that familiar with servers and server methods yet.

Bert

dave2318

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +3/-0
    • View Profile
Re: Import/Export users at reinstall
« Reply #1 on: July 07, 2014, 03:42:47 pm »
A script to import users from CSV is located here:-
http://doc.zentyal.org/en/appendix-c.html
however it doesn't work for 3.5 yet. I have been messing with it but simply can't get it to work. Worked fine on 3.4.

Dave

bertalanimre

  • Zen Monk
  • **
  • Posts: 88
  • Karma: +3/-0
    • View Profile
Re: Import/Export users at reinstall
« Reply #2 on: July 07, 2014, 04:17:18 pm »
Damn, I'M using 3.5 since it is based on the 14.04 and not the 13.10. I'm searching for a good 3rd party software ATM.

StuartNaylor

  • Guest
Re: Import/Export users at reinstall
« Reply #3 on: July 07, 2014, 06:07:52 pm »
For 3.5

Make a file called users.csv

Code: [Select]
jfoo,John,Foo,password,
jbar,Jack,Bar,password,
fart,Fred,Art,password,
dick,Dave,Ick,password,

sudo bash bulkusers
bulkusers script
Code: [Select]
#!/bin/bash
INPUT=users.csv
OLDIFS=$IFS
IFS=,
[ ! -f $INPUT ] && { echo "$INPUT file not found"; exit 99; }
while read username givenname surname password
do
echo "$username $givenname $surname $password"
samba-tool user add "$username" "$password"  --given-name="$givenname" --surname="$surname"
done < $INPUT
IFS=OLDIFS

samba-tool user add -h will give a full list of parameters

also you can use ldbmodify and this could add any other ldap info that samba-tool doesn't provide for.

Here example setting mail address.
Code: [Select]
#!/bin/bash
LDIF=my.ldif
INPUT=users.csv
OLDIFS=$IFS
IFS=,
[ ! -f $INPUT ] && { echo "$INPUT file not found"; exit 99; }
while read username givenname surname password
do
rm /tmp/$LDIF
echo "$username $givenname $surname $password"
samba-tool user add "$username" "$password"  --given-name="$givenname" --surname="$surname"
echo "dn: CN="$givenname" "$surname",CN=Users,DC=office,DC=zentyal,DC=lan
changetype: modify
add: mail
mail: "$username"@zentyal.lan" > /tmp/$LDIF
ldbmodify -H /var/lib/samba/private/sam.ldb -b DC=office,DC=zentyal,DC=lan /tmp/$LDIF
rm /tmp/$LDIF
done < $INPUT
IFS=OLDIFS


You will have to edit the base DN, from my test install to however you have set yours "DC=office,DC=zentyal,DC=lan" my test fqdn is zent1.office.zentyal.lan realm is office.zentyal.lan.


« Last Edit: July 07, 2014, 11:35:03 pm by StuartNaylor »

dave2318

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +3/-0
    • View Profile
Re: Import/Export users at reinstall
« Reply #4 on: July 08, 2014, 10:18:13 am »
Wow! really useful! is there any way to automatically enable the openchange account when the email is created?
I have set the option to automatically create openchange account under user templates but creating a user this way does not enable the openchange account.

Also i have just enabled the openchange account on a couple of imported users and the password from the csv does not work, i have had to manually change the password to be able to login.
« Last Edit: July 08, 2014, 10:28:34 am by dave2318 »

StuartNaylor

  • Guest
Re: Import/Export users at reinstall
« Reply #5 on: July 08, 2014, 12:49:18 pm »
I would of said essentially yes.

But I am rather surprised that you cannot logon.

Code: [Select]
legacyExchangeDN: /o=Office/ou=First Administrative Group/cn=Recipients/cn=d
 ick
proxyAddresses: =EX:/o=Office/ou=First Administrative Group/cn=Recipients/cn
 =dick
proxyAddresses: SMTP:dick@office.zentyal.lan
proxyAddresses: smtp:postmaster@office.zentyal.lan
proxyAddresses: X400:c=US;a= ;p=First Organizati;o=Exchange;s=dick
homeMDB: CN=Mailbox Store (ZENT1),CN=First Storage Group,CN=InformationStore
 ,CN=ZENT1,CN=Servers,CN=First Administrative Group,CN=Administrative Groups
 ,CN=Office,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=office,DC=
 zentyal,DC=lan
homeMTA: CN=Mailbox Store (ZENT1),CN=First Storage Group,CN=InformationStore
 ,CN=ZENT1,CN=Servers,CN=First Administrative Group,CN=Administrative Groups
 ,CN=Office,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=office,DC=
 zentyal,DC=lan
mailNickname: dick
msExchUserAccountControl: 0

Thats the gubbins that OpenChange adds. So yes it would be possible.
« Last Edit: July 08, 2014, 12:51:23 pm by StuartNaylor »

dave2318

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +3/-0
    • View Profile
Re: Import/Export users at reinstall
« Reply #6 on: July 08, 2014, 01:04:37 pm »
initially i had a "," at the end of the line in the csv so i removed that, double checked the password it was saying on the console when it was creating the user and that was correct. Only thing i can think of is something to do with the CRLF at the end of the line, so i edited the file in nano with no new line after one single record and the password still didn't work.

StuartNaylor

  • Guest
Re: Import/Export users at reinstall
« Reply #7 on: July 08, 2014, 01:18:42 pm »
Really strange Dave.

Just tried it myself and logged on.

The comma at the end seemed to be needed and I used that exact format saved in nano.

Top tip download the 32 bit version of Apache Directory Studio.
It was a gotcha for me as I tried to install the 64bit version but the java client is actually 32bit.

Point it at your server IP have a look at the two images attached.

Make sure your firewall is allowing ldap :389

samba-tool domain passwordsettings set --complexity=off
samba-tool domain passwordsettings set --min-pwd-length=5

If samba-tool user setpassword username doesn't work I give in?
I think zentyal have already turned off password complexity and set a minimum length, but hey give it a try.

samba-tool user setpassword Administrator

dave2318

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +3/-0
    • View Profile
Re: Import/Export users at reinstall
« Reply #8 on: July 08, 2014, 01:53:28 pm »
Interestingly i ran the samba-tool user add command line manually and the password worked! (had to manually create the mail account and openchange account though)
has to be something to do with my CSV. I changed the echo line to:-
echo "$username..$givenname..$surname..$password..Ends"

and it echoed only to the end of the password, didn't put ..Ends on the echo. Strange as the password is only 8 letters and a number, nothing complex.

StuartNaylor

  • Guest
Re: Import/Export users at reinstall
« Reply #9 on: July 08, 2014, 03:21:04 pm »
End should be there, must be a hidden carridge return or something.

Strange rather than copy and paste anything from here either try the two attachments or recreate in nano.

I keep getting similar problems as with using putty and wordpad the windows encoding isn't the same and often scripts go awry.

I will have a go at an openchange example

I think the editor in webmin is a better option than putty.

Bulkusers2 should give the openchange details. Havent tried it to be honest

Install Apache directory studio create a user with Zentyal that is openchange enabled.
create a user with samba-tool user add browse the directory and add any attributes that might be missing from bulkusers2.

http://support.microsoft.com/kb/296479

msExchUserAccountControlAttribute Syntax: single-valued integer

The msExchUserAccountControl attribute is used by the information store to determine whether to use the objectSid or the msExchMasterAccountSid when setting or reading information store permissions. This attribute has two possible values:
0: This is an enabled user
2: This is a disabled user

 
« Last Edit: July 08, 2014, 03:52:20 pm by StuartNaylor »

dave2318

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +3/-0
    • View Profile
Re: Import/Export users at reinstall
« Reply #10 on: July 08, 2014, 04:13:35 pm »
Yep that certainly sorted the password problem.
I normally use Notepad++ for this kind of work but the CSV was exported from our exchange server so could have had some strange chars in it somewhere.

the second script isn't working yet

ERR: (No such object) "Unable to find GUID for DN CN=Mailbox Store (Zentyal),CN=First Storage Group,CN=InformationStore,CN=Zentyal,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Office,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mycohens,DC=net
" on DN CN=Abdenour Khalfaoui,CN=Users,DC=mycohens,DC=net at block before line 19

is the first storage group the OpenChange organisation name? if so mines "First Organization"

StuartNaylor

  • Guest
Re: Import/Export users at reinstall
« Reply #11 on: July 08, 2014, 05:46:54 pm »
Called it office in the example.

Tried to unprovision and reinstall Openchange to see if there is any difference in Openchange 3.5.1

Don't unprovision as things don't go well. Even tried removing modules and reinstalling.

« Last Edit: July 08, 2014, 06:02:34 pm by StuartNaylor »

dave2318

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +3/-0
    • View Profile
Re: Import/Export users at reinstall
« Reply #12 on: July 08, 2014, 06:06:28 pm »
Not good.
I provisioned everything in 3.5 then upgraded to 3.51

dave2318

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +3/-0
    • View Profile
Re: Import/Export users at reinstall
« Reply #13 on: July 08, 2014, 06:10:37 pm »
Ok, i changed office to First Organization and it completed without errors :) but didn't enable openchange :(

StuartNaylor

  • Guest
Re: Import/Export users at reinstall
« Reply #14 on: July 08, 2014, 06:20:21 pm »
dave stuck at the moment as nothing to look at but a deadchange :)

Create a couple of users with samba-tool and zentyal some enabled and some not with openchange.

Have a browse with Apache Directory Studio.

Right click and bring up the properties menu and enable "fetch operational attributes"

Probably we are just short of a few attributes.

With ObjectClasses the LDBmodify needs to be like so.
add:objectclass
objectclass: posixGroup

Have browse as must of missed something somewhere.

I am blind until I set up a test VM again.