I am using AD DC. I already have a domain Samba3 + OpenLDAP, I'm creating this new domain Samba4, but I want to import all users who are already registered in my OpenLDAP base. If it was the same domain I would use the migration tool, but it's a different domain.

--
View this message in context: http://samba.2283325.n4.nabble.com/Import-USER-and-PASSWORD-Samba3-OpenLadp-TO-Samba4-tp4690180p4690202.html
Sent from the Samba - General mailing list archive at Nabble.com.
Rowland Penny
2015-Aug-25 15:39 UTC
[Samba] Import USER and PASSWORD Samba3+OpenLadp TO Samba4
On 25/08/15 16:02, vinifa wrote:
> I am using AD DC. I already have a domain Samba3 + OpenLDAP, I'm creating
> this new domain Samba4, but I want to import all users who are already
> registered in my OpenLDAP base. If it was the same domain I would use the
> migration tool, but it's a different domain.
>
> --
> View this message in context: http://samba.2283325.n4.nabble.com/Import-USER-and-PASSWORD-Samba3-OpenLadp-TO-Samba4-tp4690180p4690202.html
> Sent from the Samba - General mailing list archive at Nabble.com.
>

OK, this is a user object in my test AD domain:

dn: CN=User3,CN=Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: User3
instanceType: 4
whenCreated: 20150621144659.0Z
uSNCreated: 45224
name: User3
objectGUID: cafff519-eeae-4a4b-8395-09b059a9b919
userAccountControl: 512
codePage: 0
countryCode: 0
primaryGroupID: 513
objectSid: S-1-5-21-2025076216-3455336656-3842161122-2106
accountExpires: 9223372036854775807
sAMAccountName: User3
sAMAccountType: 805306368
userPrincipalName: User3@example.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
unixUserPassword: ABCD!efgh12345$67890
msSFU30Name: User3
msSFU30NisDomain: example
uidNumber: 10023
gidNumber: 10007
unixHomeDirectory: /home/User3
loginShell: /bin/false
whenChanged: 20150624075921.0Z
pwdLastSet: 0
uSNChanged: 45447
distinguishedName: CN=User3,CN=Users,DC=example,DC=com

If I wanted to add this user with an ldif, I would use something like this:

dn: CN=User3,CN=Users,DC=example,DC=com
changetype: add
cn: User3
objectClass: user
sAMAccountName: User3
userPrincipalName: User3@example.com
name: User3
userAccountControl: 512
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
uid: User3
msSFU30Name: User3
msSFU30NisDomain: example
uidNumber: 10023
gidNumber: 10007
loginShell: /bin/false
unixHomeDirectory: /home/User3
unixUserPassword: ABCD!efgh12345$67890

dn: CN=User3,CN=Users,DC=example,DC=com
changetype: modify
replace: unicodePwd
unicodePwd:: $UNICODEPWD

To get $UNICODEPWD, I would do this:

UNICODEPWD=$(echo -n "\"$_USER_PW\"" | $_ICONV -f UTF-8 -t UTF-16LE | $_BASE64 -w 0)

As you can see, the required ldif is different from yours, and I told you this over on the samba-technical mailing list.

The easiest way for you to add the users will be to write a script that will parse your ldif, using it to obtain the user name etc., and then use 'samba-tool user create' to actually create the users; your only problem will be obtaining the users' passwords. Unless you know the users' plain passwords, it may be easier to create a new password and set the user to change the password at next logon.

Rowland
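The approach suggested in the message above (parse the old ldif, then call 'samba-tool user create' with a new password that must be changed at next logon), as an added example that is not part of the original thread. It assumes the old directory holds posixAccount entries; the sample ldif, the NIS domain "example" and the function names are constructed for illustration, and the code only builds the argument list without running samba-tool.

```python
import base64
import secrets

# Constructed sample of a Samba3/OpenLDAP export; not taken from the thread.
SAMPLE_LDIF = """\
dn: uid=user3,ou=People,dc=old,dc=example
objectClass: posixAccount
uid: user3
uidNumber: 10023
gidNumber: 10007
homeDirectory: /home/user3
loginShell: /bin/false
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: ou=People,dc=old,dc=example
objectClass: organizationalUnit
ou: People
"""

# OpenLDAP attribute -> 'samba-tool user create' option
OPTIONS = (("uidnumber", "--uid-number"), ("gidnumber", "--gid-number"),
           ("homedirectory", "--unix-home"), ("loginshell", "--login-shell"))

def parse_ldif(text):
    """Yield one dict (lower-cased attribute -> list of values) per record."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            yield entry

def samba_tool_argv(entry, nis_domain):
    """Return the samba-tool argv for a posixAccount entry, or None to skip it."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "posixaccount" not in classes or "uid" not in entry:
        return None
    # New temporary password (old userPassword hash unused); the "Aa1" prefix
    # gives three character classes and avoids a leading "-" parsed as an option.
    temp_pw = "Aa1" + secrets.token_urlsafe(12)
    argv = ["samba-tool", "user", "create", entry["uid"][0], temp_pw,
            "--must-change-at-next-login", "--nis-domain=" + nis_domain]
    argv += [f"{opt}={entry[a][0]}" for a, opt in OPTIONS if a in entry]
    return argv
```

The temporary password is passed on the command line, so it is visible in the process list while samba-tool runs; run the commands on the DC itself and hand the passwords out separately.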
Got it. I'll edit my ldif as best I can; I'm thinking of doing what you said: reading my ldif, extracting the users and, regarding the password, leaving them without a password but forcing them to change it at next logon. Now, how do I enable this option in the ldif? Or will I have to do this for each user in the user manager in Windows RSAT? And thanks for the help, Rowland.

--
View this message in context: http://samba.2283325.n4.nabble.com/Import-USER-and-PASSWORD-Samba3-OpenLadp-TO-Samba4-tp4690180p4690212.html
Sent from the Samba - General mailing list archive at Nabble.com.