Topic: Adding 1000's of Users

[Terry Funk]

Hello all,

Surely, I am not the first person to have this problem.

I have searched everywhere on all the e-smith forums, faqs, etc and have not found any way yet to add/migrate multiple users other than by hand. Am I not looking in the right places? Is there information somewhere on how to do this?

I thought of modifying the Perl scripts that might do this but I am not sure what Perl code is used that creates single users, one at a time.

For the present time, this is a show stopper for me. I would like to be able to copy over my current passwd and shadow file, run a process that would read those two files and add them as users and also populated the the LDAP directory. The server has the useradd and chgpasswd utilities but the when I run those utitls it puts the users directories in the wrong places and at any rated it does not populate the LDAP database.

Any hints? suggestions? HELP!

Terry

[Dan Brown]

http://www.myezserver.com/docs/mitel/addusers-howto.html

[Terry Funk]

WOW!

Thanks for your fast response! Greatly appreciate this

Terry

[Filippo Carletti]

Darrel script uses random uid (user id).
If you would prefer to have sequential ids use this script.
adduserlist.txt has for fields (username:password:firstname:lastname)

#!/bin/sh

SRC=adduserlist.txt

cat $SRC | ( \
        IFS=: ; while read username password firstname lastname; \
         do

number=$(

perl -e '
sub getNextFreeID
{
    my %id;

    my $minid = 5000;
    $minid = 5000 unless $minid;

    my $maxid = 1 << 31;

    # Take note of all the used uids and gids from the passwd entries

    while ((undef, undef, my $uid, my $gid) = getpwent)
    {
   ++$id{$uid} if ($uid > $minid);
   ++$id{$gid} if ($gid > $minid);
    }

    # Take note of all the used gids from the group entries

    while ((undef, undef, my $gid) = getgrent)
    {
   ++$id{$gid} if ($gid > $minid);
    }

    # Find the first free id

    my $count = $minid + 1;

    while ($count < $maxid)
    {
   return $count
       unless (exists $id{$count});

   ++$count;
    }
}

print getNextFreeID();
'
)

/sbin/e-smith/db accounts set $username user FirstName $firstname LastName $lastname PasswordSet no Uid $number Gid $number

/sbin/e-smith/signal-event user-create $username

sleep 3

perl -e "use esmith::util; esmith::util::setUserPassword ( '$username', '$password' );"

/sbin/e-smith/db accounts setprop $username PasswordSet yes
/sbin/e-smith/signal-event pseudonym-create $firstname.$lastname $username

done \
            )

[Dan Brown]

Ah yes, I'd forgotten about that issue.  However, isn't your script missing a line?  It should also set a pseudonym for firstname_lastname.

Could you possibly post this as an alternate howto?

[Filippo Carletti]

Oops, pasted the version I use (I do NOT like those underscored aliases).
Also, I have to note that my script permits spaces in names, but doesn't deal with them when creating pseudonyms (yes, it's a bug).
I submitted my work to Darrel asking if he wants to update his howto.
Thanks for comments, highly appreciated.

[Sebastian Stypel]

is it possible to when adding these '1000's of users' to do the following things:

- add that person to a group
- set a random password for each user
- write back to the original file the password
- set his/her quota size
- set his/her personal details

if so, how?

thanks,

sabu

[Dan Williamson]

Hi Dan,

The problem:
Each time I add users, e-smith should generate a new "everyone" list. This fails around record 850 of 1560 users at this point. There are corrupt records in the LDAP files and the first is encountered at around 850, I suspect.

What I've looked at:
I used the scripts a number of times to add lists of users to our mail system. Once or twice there were errors in the lists of users to add (eg spaces or commas or perhaps a ^M here or there?). The result is an LDAP file with corruption. I have 3 records of the 1561 that fail on read. I managed to send them all to an LDIF and I can recognize the 3 bad records from their odd entries (one of the files appears to have a cn=""). I have tried a variety of LDAP tools and clients to delete these 3 records by identifying them by various attributes but all attempts fail. ldapdelete connects with sufficient privileges but the delete fails with the following:

Command:
    ldapdelete -x  -v  "givenName=LastName,dc=us21,dc=com,dc=ar"  
                    -D "cn=admin,dc=us21,dc=com,dc=ar" -w "abcdefg"

   ldapdelete  -x  -v  "cn=25585612,dc=us21,dc=com,dc=ar"
                    -D "cn=admin,dc=us21,dc=com,dc=ar" -w "abcdefg"

   ldapdelete  -x  -v "cn=caeirocaserasm,dc=us21,dc=com,dc=ar"
                    -D "cn=admin,dc=us21,dc=com,dc=ar" -w "abcdefg"

Response:
    ldap_initialize( )
    deleting entry "givenName=LastName,dc=us21,dc=com,dc=ar"
    Delete Result: No such object (32)
    Matched DN: dc=us21,dc=com,dc=ar

    ldap_initialize( )
    deleting entry "cn=25585612,dc=us21,dc=com,dc=ar"
    Delete Result: No such object (32)
    Matched DN: dc=us21,dc=com,dc=ar

    ldap_initialize( )
    deleting entry "cn=caeirocaserasm,dc=us21,dc=com,dc=ar"
    Delete Result: No such object (32)
    Matched DN: dc=us21,dc=com,dc=ar

The entries are verbatim. For the attempts, authentication using "admin" and "abcdefg"  was setup in a dummied slapd.conf and ldap was restarted.

Any idea what I can do about it? Pointers to better tools?

By the way, thanks for your assistance in the past through your how-tos and posts in these BBs.

regards,

Dan

[Charlie Brady]

Dan Williamson wrote:

> Each time I add users, e-smith should generate a new
> "everyone" list. This fails around record 850 of 1560 users
> at this point. There are corrupt records in the LDAP files
> and the first is encountered at around 850, I suspect.

Are you sure that your primary problem is LDAP, and not breakage in the groups file? RedHat's useradd/usermod tools are broken for large numbers or users/groups - see:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=60304

As we need to constantly remind people - report all bugs to bugs@e-smith.com.

Thanks

Charlie

[Dan Williamson]

Thanks for the quick reply .....

Nope. It is an e-smith specific problem from using the script to add multiple users in the format:

field1:field2:field3:field4

With embedded spaces or commas or ^M chars or "something", the entry is input corrupted and cannot be changed in e-smith's manager nor can it be modified or deleted by openldap tools as far as I can tell. The entry shows up in the server-manager and dumps to an LDIF using 3rd party clients but gives an error if you try to remove or edit the entry.

[Dan Williamson]

Perhaps one solution is using or manipulating the LDAP with one of the e-smith scripts in "/home/e-smith/events/actions/ ...."? I am not familiar enough with their integration to other objects in the system and am not ready to go blundering into the china shop.