What is the best method for uploading users? I need to add users/change passwords for about 2000 users every year. I see not a CSV import or anything else.
Using UCS 4.2
There is a CSV-based solution in case you are using UCS@school.
If you are not, then the best method is to use the udm users/user command line:
Make UCR values available as shell variables:
eval $(ucr shell)
Create a user:
udm users/user create --position cn=users,$ldap_base --set username=myusername --set firstname="my first name" --set lastname="my last name" --set password=s3cr3t.passw0rd
Modify a user:
udm users/user modify --dn uid=myusername,cn=users,dc=uni,dc=dtr --set password=new.passw0rd
Greetings
Daniel Tröder
Thanks, I’ve just installed UCS@School. We’ll see how this goes. 
Hi I have setup a UCS core edition to use it as a domain controller for our 10k students. All the students data is available in CSV but I can’t find any option to import the users in bulk. Can you please help with a script to use udm users/user command line to create users into UCS from a CSV file.
Thanks!!
I’ve come across another post about importing users like below but I don’t understand how to import multiple groups as well. The are from a csv file.
eval $(ucr shell)
udm users/user create --position "cn=users,$ldap_base" \
--option person --option posix --option mail --option samba \
--set username="<column1>" \
--set firstname="<column2>" \
--set lastname="<column3>" \
--set displayName="<column2> <column3>"
--set password="<column4>" --set overridePWLength=1 --set overridePWHistory=1 \
--set sambaRID="<column6>" \
--set uidNumber="<column6>" \
--set mailHomeServer="$(hostname -f)" \
--set mailPrimaryAddress="<column5>" \
--set homeShare='\\<column7>.mydomain.org\users\<column1>' \
--set shell='/bin/bash/' \
--set primaryGroup="CN=Domain Users,CN=Groups,DC=mydomain,DC=org" \
--set groups="cn=Domain Users,cn=Groups,$(ucr get ldap/base)" \
If you run
udm users/user
you’ll get a list of possible attributes, required options and if they are meant as list or single value.
..
Groups:
Primary group
primaryGroup (c,posix) Primary group
Additional groups
groups (posix,[]) Groups
..
This means primaryGroup is a single value, but groups is a multi-value field (note the brackets [ ]). Those you configure with --append and --remove.
The DNs to supply to UDM are OpenLDAP DNs, not those from Samba/AD:
udm groups/group list | egrep ^DN | sort
..
DN: cn=Domain Users,cn=groups,$ldap_base
..
So you use --append and --remove like this:
udm users/user modify \
--dn .. \
--set primaryGroup="cn=Domain Users,cn=groups,$ldap_base" \
--append groups="cn=Account Operators,cn=Builtin,$ldap_base" \
--append groups="cn=Remote Desktop Users,cn=Builtin,$ldap_base" \
--remove groups="cn=Domain Admins,cn=groups,$ldap_base" \
--remove groups="cn=Terminal Server User,cn=Builtin,$ldap_base"
Ofc in a create operation --remove doesn’t make sense, but multiple --append do.
When you use --set on a multi-value field, the complete value-list will be replaced with the single value.
Ok I have it working but how do I enable RADIUS and Google Apps these settings in udm?
If you run
udm users/user
you’ll get a list of available properties, that can be set.
For groups it is
udm groups/group
I don’t know the names by memory, you’ll have to look through that output.
Ok a new wrinkle in this story.
Even though I’m specifying in the import…
--set sambaRID="9519" \
--set uidNumber="9519" \
The numbers are NOT the same when I go and look at the web interface, only the uidNumber is correct. I’ve tried the sambaRID with and without quotes and with single quotes it just randomly assigns some other number and not the one I specified! I’ve even tried omitting BOTH numbers and they still end up as two DIFFERENT numbers! This is a pretty bad bug and it’s really messing up my imports!
UCS 4.2-1 errata 122
Have you Samba 4 installed in your environment?
In a Samba 4 environment the RIDs are generated by Samba. If you really need to change it and you know what you are doing, you can change it in Samba 4, for example:
ldbedit -H /var/lib//samba/private/sam.ldb --controls=local_oid:1.3.6.1.4.1.7165.4.3.16:0 cn=USERNANE
Gohmann,
You misunderstand. This is from the script I run on the UCS domain controller server. So yes it is Samba 4.2 (or maybe 4.3). Your udm users/user function is not working correctly.
Does it work if you stop the S4 Connector?
/etc/init.d/univention-s4-connector stop
My guess is, the udm users/user function is working correctly. Afterwards, the S4 connector synchronizes the user object to Samba 4 which changes the RID and afterwards the change is synchronized to OpenLDAP.
There’s a simple script now available to easily import users, group, computers etc. from a CSV file: https://github.com/univention/udm_import
2 Likes
I wanted to drop this here as I had a similar issue and thought the above script was too umm difficult. I’m sure it works great but it seemed like a bunch of overhead. It’s probably better but I like this much better.
#!/bin/bash
# csv file columns should be as follows
# username,firstname,lastname,password
# make sure the csv you are using is in the same directory as this script.
ls --format=single-column
echo "Please type the file containing new users"
read filename
while IFS=, read -a csv_line;
do
univention-directory-manager users/user create \
--position "cn=users,dc=domain,dc=intranet" \
--set username=${csv_line[0]} \
--set firstname=${csv_line[1]} \
--set lastname=${csv_line[2]} \
--set organisation="My Org" \
--set password=${csv_line[3]}
done < $filename
exit 0
I hope this helps someone.
1 Like
Hi there,
I’m using Univention 5.0, so Is there any way to use function univention-directory-manager users/user create with “Invite user via e-mail. Password will be set by the user” after installed self-service