@yesdevnull
Last active May 15, 2022 03:20
Use this script to import users into an Open Directory domain on OS X Mavericks Server with users in a CSV. The Users.csv file is an example file to show you the structure expected.
#!/bin/bash
# Import Users into an Open Directory Domain
# by Dan Barrett
# http://yesdevnull.net
# You may need to change the details below depending on your configuration
# and settings
# Arguments:
# * Path to the CSV
# CSV format should be:
# +------------+---------+------------+----------+
# | First Name | Surname | Student ID | Password |
# +------------+---------+------------+----------+
# Note: You must ensure that the line endings for the CSV are Unix (or CRLF)
# and you have an empty line on the last line
#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*
# This will work if you're running it on the Directory Service Domain, change
# it if you're running the script on another bound machine
directoryDomain="/LDAPv3/127.0.0.1"
# Username of a directory administrator
directoryUsername="masterdiradmin"
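# Password for the above directory administrator
# (passed to dscl with -P below, so it is visible in the process list while
# the script runs; keep this file readable only by its owner)
directoryPassword="masterpass"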
# Username for an administrator of the server ( aka Local Domain or . )
# (for local groups like com.apple.access_radius)
serverUsername="serveradmin"
# Password for the above server administrator
serverPassword="serverpass"
# Primary Group ID ("Open Directory Users" group on OS X Server is 20)
primaryGroupID="20"
# NFS Home Directory (leave this as /dev/null if the users are services only)
nfsHomeDirectory="/dev/null"
# Shell path for the user
userShell="/usr/bin/false"
# Domain for the email address (e.g. pretendco.com, apple.com)
emailDomain="pretendco.com"
# List of local groups to add the user to (separate each group with a space)
localGroups=( com.apple.access_radius com.apple.access_afp com.apple.access_addressbook )
# List of network groups to add the user to (separate each group with a space)
networkGroups=( workgroup )
#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
#*#*# Anything Below Here Should Not Be Changed #*#*#
#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
# This function will get the most recent UniqueID for the directory domain,
# then increase by 1 for the next user to add
getLastID() {
    # List every UniqueID in the domain, keep the trailing number on each
    # line and take the highest one
    lastID=$(dscl "$directoryDomain" -list /Users UniqueID | grep -E -o "[0-9]+$" | sort -nr | head -n1)
    echo $(( lastID + 1 ))
}
# Iterate through the CSV and obtain these variables
# (-r keeps backslashes in a field, e.g. in a password, intact)
while IFS=, read -r importFirstName importLastName importID importPassword
do
    # Create the shortname from their name and student ID
    # e.g. John Smith with Student ID of 1337 would be js1337
    # e.g. Jim Halpert with Student ID of 27144 would be jh27144
    shortname=$(echo "${importFirstName:0:1}${importLastName:0:1}$importID" | tr "[:upper:]" "[:lower:]")
    # DSCL Magic
    # Go through and add all these details to the LDAP domain
    # (values are quoted so names containing spaces stay a single argument)
    dscl -u "$directoryUsername" -P "$directoryPassword" "$directoryDomain" -create "/Users/$shortname"
    dscl -u "$directoryUsername" -P "$directoryPassword" "$directoryDomain" -create "/Users/$shortname" UniqueID "$( getLastID )"
    dscl -u "$directoryUsername" -P "$directoryPassword" "$directoryDomain" -create "/Users/$shortname" FirstName "$importFirstName"
    dscl -u "$directoryUsername" -P "$directoryPassword" "$directoryDomain" -create "/Users/$shortname" LastName "$importLastName"
    dscl -u "$directoryUsername" -P "$directoryPassword" "$directoryDomain" -create "/Users/$shortname" RealName "$importFirstName $importLastName"
    dscl -u "$directoryUsername" -P "$directoryPassword" "$directoryDomain" -create "/Users/$shortname" EMailAddress "${shortname}@${emailDomain}"
    dscl -u "$directoryUsername" -P "$directoryPassword" "$directoryDomain" -create "/Users/$shortname" Comment "Student ID: $importID"
    dscl -u "$directoryUsername" -P "$directoryPassword" "$directoryDomain" -create "/Users/$shortname" Keywords "students"
    # Note: the group ID is hard-coded here; $primaryGroupID set above is not used
    dscl -u "$directoryUsername" -P "$directoryPassword" "$directoryDomain" -create "/Users/$shortname" PrimaryGroupID 20
    dscl -u "$directoryUsername" -P "$directoryPassword" "$directoryDomain" -create "/Users/$shortname" UserShell "$userShell"
    dscl -u "$directoryUsername" -P "$directoryPassword" "$directoryDomain" -create "/Users/$shortname" NFSHomeDirectory "$nfsHomeDirectory"
    dscl -u "$directoryUsername" -P "$directoryPassword" "$directoryDomain" -passwd "/Users/$shortname" "$importPassword"
    # Iterate through each local group and add the user to that group
    for localGroup in "${localGroups[@]}"
    do
        dseditgroup -o edit -u "$serverUsername" -P "$serverPassword" -a "$shortname" -t user "$localGroup"
    done
    # Iterate through each network group and add the user to that group
    for networkGroup in "${networkGroups[@]}"
    do
        dseditgroup -o edit -u "$directoryUsername" -P "$directoryPassword" -n "$directoryDomain" -a "$shortname" -t user "$networkGroup"
    done
    echo "$(date "+%Y-%m-%d %H:%M:%S"): Added $importFirstName $importLastName ($shortname) to $directoryDomain."
done < "$1"
Joe,Smith,123456,147852
Bill,Jones,987654,369852
Steve,Miller,654321,852147
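
A pre-flight check for the CSV, added here as an example and not part of the original gist: it reads the same four columns as the import loop and reports rows that would create a broken account (CRLF endings, a missing final newline, empty fields, colliding shortnames). The function names `make_shortname` and `validate_csv` and the a-z0-9 rule for shortnames are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not part of the original gist. Checks the import CSV only;
# it never calls dscl and never prints a password.

# Same derivation as the import loop: first initial + last initial + ID, lower-cased.
make_shortname() {
    printf '%.1s%.1s%s' "$1" "$2" "$3" | tr '[:upper:]' '[:lower:]'
}

# Print one line per problem row; return 1 if any row is unsafe to import.
validate_csv() {
    csv=$1; line=0; bad=0; seen=" "; cr=$(printf '\r')
    while :; do
        eof=0
        IFS=, read -r first last id password || eof=1
        # read failing with nothing left in the fields is the real end of file
        [ "$eof" -eq 1 ] && [ -z "$first$last$id$password" ] && break
        line=$((line + 1)); problem=""
        short=$(make_shortname "$first" "$last" "$id")
        if [ -z "$first" ] || [ -z "$last" ] || [ -z "$id" ] || [ -z "$password" ]; then
            problem="empty field or blank row"
        else
            case $first$last$id$password in
                *"$cr"*) problem="CRLF line ending (the CR would end up in the password)" ;;
            esac
        fi
        # Assumption: shortnames are restricted to a-z and 0-9
        [ -z "$problem" ] && case $short in
            *[!a-z0-9]*) problem="shortname '$short' has characters outside a-z0-9" ;;
        esac
        [ -z "$problem" ] && case $seen in
            *" $short "*) problem="shortname '$short' duplicates an earlier row" ;;
        esac
        [ -z "$problem" ] && [ "$eof" -eq 1 ] &&
            problem="no trailing newline (the import loop would skip this row)"
        seen="$seen$short "
        [ -n "$problem" ] && { echo "line $line: $problem"; bad=1; }
        [ "$eof" -eq 1 ] && break
    done < "$csv"
    return "$bad"
}

# Constructed sample: row 2 ends in CRLF, row 3 collides with row 1 (js123456).
sample=$(mktemp)
printf 'Joe,Smith,123456,pw1\nBill,Jones,987654,pw2\r\nJane,Stone,123456,pw3\n' > "$sample"
validate_csv "$sample" || echo "fix these rows before running the import"
rm -f "$sample"
```
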
@johnnythegeek

Hello. Where do I insert the path to the csv file in this .sh file and how should it be formatted? For example if the csv file was on the desktop.

@joncohen

joncohen commented Jun 23, 2016

It's an old question - but this is a new discovery for me. Thank you for the work on this. Saved me more than a few hours.

Keep both the script and the .csv in the same directory. Then pass the script as an argument:

./OD_userCreator.sh [full path to .csv file]

This will allow the script to run through your accounts and create the users.

@ehk20

ehk20 commented Sep 16, 2017

The script seems to hardcode the PrimaryGroupID to 20 despite having it as a variable in this line:

dscl -u $directoryUsername -P $directoryPassword $directoryDomain -create /Users/$shortname PrimaryGroupID 20

Might be worth fixing for someone using another Primary Group

@arkhz900

arkhz900 commented Nov 8, 2017

Great script, I modified it for our server. Just a weird issue I'm running into; the home directory and the owner of the directory seems to be diradmin, when it should be the user. Any suggestions would be much appreciated.

@bizzare

bizzare commented May 15, 2022

this was great! Thanks for keeping this around
